[cinder][vmt] updating the cinder core security contacts team
Greetings to all people interested in cinder security, The “Cinder Core security contacts” team [0] is a proper subset of the cinder core team who are notified when the OpenStack VMT assigns a private security bug to cinder following the vulnerability management process [1]. The VMT prefers that this group be kept small, so often adding someone entails removing someone else. I propose the following changes: add: - Jon Bernard (current cinder core, and Cinder PTL for Dalmatian) remove: the following people, who have not worked on security bugs over the past few development cycles: - Ivan Kolodyazhny - Sean McGinnis - Walt Boring The Cinder project team thanks Ivan, Sean, and Walt for their past security service to the project. If you have any comments or concerns, please reply on the mailing list before 12:00 UTC Friday 12 April 2024. cheers, brian [0] https://launchpad.net/~cinder-coresec/+members [1] https://security.openstack.org/vmt-process.html
On 2024-04-05 10:00:46 -0400 (-0400), Brian Rosmaita wrote:
The “Cinder Core security contacts” team [0] is a proper subset of the cinder core team who are notified when the OpenStack VMT assigns a private security bug to cinder following the vulnerability management process [1]. The VMT prefers that this group be kept small, so often adding someone entails removing someone else. [...] If you have any comments or concerns, please reply on the mailing list before 12:00 UTC Friday 12 April 2024.
No concerns from me (VMT hat squarely on), but I did want to comment that I really appreciate you reviewing/refreshing that group and encourage all other project teams to do the same with some regularity. Thanks! -- Jeremy Stanley
+1 for adding Jon to core security. It will be a valuable addition and being PTL, I feel his presence is important to orchestrate the security discussions. Regarding the cores being removed, I agree with Brian that they haven't been active for the past couple of cycles and it is important to keep the core security group small. Not to forget, the members are still Cinder cores and we would be happy to get their feedback on any security issue if required. Thanks for all your contributions Ivan, Walt and Sean! +1 to both proposals On Fri, Apr 5, 2024 at 8:22 PM Jeremy Stanley <fungi@yuggoth.org> wrote:
The “Cinder Core security contacts” team [0] is a proper subset of the cinder core team who are notified when the OpenStack VMT assigns a
On 2024-04-05 10:00:46 -0400 (-0400), Brian Rosmaita wrote: private
security bug to cinder following the vulnerability management process [1]. The VMT prefers that this group be kept small, so often adding someone entails removing someone else. [...] If you have any comments or concerns, please reply on the mailing list before 12:00 UTC Friday 12 April 2024.
No concerns from me (VMT hat squarely on), but I did want to comment that I really appreciate you reviewing/refreshing that group and encourage all other project teams to do the same with some regularity. Thanks! -- Jeremy Stanley
Having heard only positive responses, I have made the changes outlined below. Thanks to everyone who replied! On 4/5/24 10:00 AM, Brian Rosmaita wrote:
Greetings to all people interested in cinder security,
The “Cinder Core security contacts” team [0] is a proper subset of the cinder core team who are notified when the OpenStack VMT assigns a private security bug to cinder following the vulnerability management process [1]. The VMT prefers that this group be kept small, so often adding someone entails removing someone else. I propose the following changes:
add: - Jon Bernard (current cinder core, and Cinder PTL for Dalmatian)
remove: the following people, who have not worked on security bugs over the past few development cycles: - Ivan Kolodyazhny - Sean McGinnis - Walt Boring
The Cinder project team thanks Ivan, Sean, and Walt for their past security service to the project.
If you have any comments or concerns, please reply on the mailing list before 12:00 UTC Friday 12 April 2024.
cheers, brian
[0] https://launchpad.net/~cinder-coresec/+members [1] https://security.openstack.org/vmt-process.html
participants (3)
-
Brian Rosmaita
-
Jeremy Stanley
-
Rajat Dhasmana