[openstack-dev] [kolla][security] Obtaining the vulnerability:managed tag

Ryan Hallisey rhallise at redhat.com
Tue Mar 1 17:12:45 UTC 2016


I have experience writing selinux policy. My plan was to write the selinux policy for Kolla in the next cycle.  I'd be interested in joining if that fits the criteria here.


----- Original Message -----
From: "Steven Dake (stdake)" <stdake at cisco.com>
To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org>
Sent: Tuesday, March 1, 2016 11:55:55 AM
Subject: [openstack-dev] [kolla][security] Obtaining the	vulnerability:managed tag

Core reviewers, 

Please review this document: 

It describes how vulnerability management is handled at a high level for Kolla. When we are ready, I want the kolla delivery repos vulnerabilities to be managed by the VMT team. By doing this, we standardize with other OpenStack processes for handling security vulnerabilities. 

The first step is to form a kolla-coresec team, and create a separate kolla-coresec tracker. I have already created the tracker for kolla-coresec and the kolla-coresec team in launchpad: 



I have a history of security expertise, and the PTL needs to be on the team as an escalation point as described in the VMT tagging document above. I also need 2-3 more volunteers to join the team. You can read the requirements of the job duties in the vulnerability:managed tag. 

If your interested in joining the VMT team, please respond on this thread. If there are more then 4 individuals interested in joining this team, I will form the team from the most active members based upon liberty + mitaka commits, reviews, and PDE spent. 


OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe

More information about the OpenStack-dev mailing list