[openstack-dev] [kolla][security][release] Obtaining the vulnerability:managed tag

Jeremy Stanley fungi at yuggoth.org
Fri Mar 4 00:14:40 UTC 2016

On 2016-03-03 23:57:04 +0000 (+0000), Steven Dake (stdake) wrote:
> If anything in this email is wrong, feel free to correct me and
> get us on the right track.

Sounds on track to me. The goal of having some guidelines for this
was mainly just to try and avoid the VMT taking responsibility for a
project and then immediately having it become a huge burden due to
obvious latent vulnerabilities, lack of subject matter expert
developers available to triage those which do get reported, et
cetera. It's an attempt to ensure some up-front due diligence so
that we're not taking on more than we can reasonably handle, since
the VMT is by design a constrained team centrally assigning
identifiers, tracking the state of outstanding embargoes and
privately curating impact descriptions for later inclusion in public
Jeremy Stanley