[openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)
Jeremy Stanley
fungi at yuggoth.org
Wed Aug 5 17:00:22 UTC 2015
On 2015-08-05 15:22:29 +0000 (+0000), Jeremy Stanley wrote:
[...]
> Now that we've dissolved more of those arbitrary distinctions, this
> seems like a great opportunity for tracking with a governance tag.
> I'll go ahead and propose one later today if I get a spare moment.
Actually, I take that back. Now that the TC has decreed tags don't
apply to individual source repositories (they apply to either
project-teams or to "deliverables" which are higher-level
collections of repos) I'm no longer sure how we would go about
documenting repo-specific details like this anyway.
To Clark's point, "tracking requirements" is an emergent property
from the combination of requirements sync proposals and requirements
enforcement jobs. If we can find a way to force one of those to
depend on the other (perhaps the requirements sync can stop using a
flat file and instead operate on parsed output from our zuul
layout?) then that would be a cleaner means of identifying this
repo-specific detail.
--
Jeremy Stanley
More information about the OpenStack-dev
mailing list