[openstack-dev] [all] Liaisons for Vulnerability Management Team

Thierry Carrez thierry at openstack.org
Wed Oct 22 14:20:36 UTC 2014


Hi everyone,

TL;DR:
Update
https://wiki.openstack.org/wiki/CrossProjectLiaisons#Vulnerability_management

Longer version:

In the same spirit as the Oslo Liaisons, we are introducing in the Kilo
cycle liaisons for the Vulnerability Management Team.

Historically we've been trying to rely on a group of people with ACL
access to the private security bugs for the project (the
$PROJECT-coresec group in Launchpad), but in some cases it resulted in an
"everyone in charge, nobody in charge" side effect. We think we could
benefit from stronger ties and involvement by designating specific liaisons.

VMT liaisons will help assess the impact of reported issues,
coordinate the development of patches, review proposed patches and
propose backports. The liaison should be familiar with the Vulnerability
Management process
(https://wiki.openstack.org/wiki/Vulnerability_Management) and embargo
rules, and have a good grasp of security issues in software design. The
liaison may of course further delegate work to other subject matter experts.

The liaison should be a core reviewer for the project, but does not need
to be the PTL. By default, if nobody else is mentioned, the liaison will
be the PTL.

If you're up for it, talk to your PTL and add your name to:
https://wiki.openstack.org/wiki/CrossProjectLiaisons#Vulnerability_management

Thanks for your help in keeping OpenStack secure!

-- 
Thierry Carrez (ttx)