Hey all,
A recent topic at Ironic meetings the last couple of weeks have been around vulnerability management. Ironic has not been using the OpenStack VMT traditionally; for reasons that AFAICT are lost to time.
Is there any reason Ironic should not be vulnerability-managed? Is the security team willing to have us?
The only potential complication is that Ironic may receive reports for vendor libraries used by Ironic but not maintained by Ironic -- I was hoping there might already be some historical precedent for how we handle those; it can't be that unique to Ironic.
What do folks think?
Thanks,
Jay Faulkner
Ironic PTL
TC Member