In 2016, what was then the Security Project Team embarked on an effort to centrally collect security analyses of OpenStack components. It accumulated a total of two, one for Barbican as of the Newton release, and another for KeystoneMiddleware as of Pike. The latter was finalized in 2017 and took nearly a year to merge due to already waning enthusiasm and reviewer availability: https://docs.openstack.org/security-analysis Given this effort was effectively abandoned years ago, the Security SIG members agree that the repository should be retired in order to reduce confusion. The vulnerability management oversight requirements were amended in February to remove any reference to this process, and we reached a consensus that this sort of documentation is better off inside the projects which are writing it rather than collected centrally with a disconnected (or in this case absent) group of reviewers and maintainers. This message serves as notice to the community that we will be pushing changes to follow the usual OpenStack repository retirement process for openstack/security-analysis in the coming days. As usual, the final state of the documents will be found in the parent commit of the one which wipes all the old files, but for posterity I'll link it here as well: https://opendev.org/openstack/security-analysis/src/commit/ac43025 Many thanks to those who attempted to provide and review these analyses in years past. The idea of maintaining information on the security risks and considerations for the systems we design is still a good one, and something I hope our contributor community might find more time to focus on in the years to come; but the place to document those things is right alongside the rest of the software's documentation, there's nothing inherently special or different about it. -- Jeremy Stanley