[openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

Jeremy Stanley fungi at yuggoth.org
Wed Aug 5 15:22:29 UTC 2015


On 2015-08-05 15:04:15 +0000 (+0000), Ian Cordasco wrote:
> One point of clarification. Not every project has to opt into
> global-requirements so this isn't necessarily true. Also with the
> merging of the stackforge and openstack namespaces, it'll be
> harder to distinguish when a project is or isn't using g-r since
> in the past it was fairly safe to assume that stackforge/ projects
> were more likely to not use g-r.

Agreed, this used to be a (perhaps not well-documented) necessity
for repos which were in or dependencies of the integrated release.
Now that we've dissolved more of those arbitrary distinctions, this
seems like a great opportunity for tracking with a governance tag.
I'll go ahead and propose one later today if I get a spare moment.
-- 
Jeremy Stanley



More information about the OpenStack-dev mailing list