[openstack-dev] [kolla][security] Obtaining the vulnerability:managed tag

Michał Jastrzębski inc007 at gmail.com
Wed Mar 2 05:32:23 UTC 2016


As I said on irc:) count me in sdake!

On 1 March 2016 at 22:11, Swapnil Kulkarni <me at coolsvap.net> wrote:
> On Tue, Mar 1, 2016 at 10:25 PM, Steven Dake (stdake) <stdake at cisco.com> wrote:
>> Core reviewers,
>>
>> Please review this document:
>> https://github.com/openstack/governance/blob/master/reference/tags/vulnerability_managed.rst
>>
>> It describes how vulnerability management is handled at a high level for
>> Kolla.  When we are ready, I want the kolla delivery repos vulnerabilities
>> to be managed by the VMT team.  By doing this, we standardize with other
>> OpenStack processes for handling security vulnerabilities.
>>
>> The first step is to form a kolla-coresec team, and create a separate
>> kolla-coresec tracker.  I have already created the tracker for kolla-coresec
>> and the kolla-coresec team in launchpad:
>>
>> https://launchpad.net/~kolla-coresec
>>
>> https://launchpad.net/kolla-coresec
>>
>> I have a history of security expertise, and the PTL needs to be on the team
>> as an escalation point as described in the VMT tagging document above.  I
>> also need 2-3 more volunteers to join the team.  You can read the
>> requirements of the job duties in the vulnerability:managed tag.
>>
>> If your interested in joining the VMT team, please respond on this thread.
>> If there are more then 4 individuals interested in joining this team, I will
>> form the team from the most active members based upon liberty + mitaka
>> commits, reviews, and PDE spent.
>>
>> Regards
>> -steve
>>
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>
> I am interested in security. I would .like to be a part of it.
>
> ~coolsvap
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



More information about the OpenStack-dev mailing list