[openstack-dev] [puppet] [security] applying for vulnerability:managed tag

Thierry Carrez thierry at openstack.org
Tue Sep 1 07:45:46 UTC 2015


Emilien Macchi wrote:
> I would like the feedback from the community about applying (or not) to
> the vulnerability:managed tag [1].
> Being part of OpenStack ecosystem and the big tent, Puppet OpenStack
> project might want to follow some other projects in order to be
> consistent in Security management procedures.

Hi Emilien,

This tag is not managed by the TC, it's directly managed by the
Vulnerability Management Team (under the Security project team). It's
their decision to evaluate if your code is mature enough and if your
team is organized enough that they feel confident they can tackle the
additional workload.

You can find their contact details at:
https://security.openstack.org/

-- 
Thierry Carrez (ttx)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150901/21cba93d/attachment.pgp>


More information about the OpenStack-dev mailing list