[openstack-dev] [glance] [VMT] [Security] Proposal to add Brian Rosmaita to the glance-coresec team
Flavio Percoco
flavio at redhat.com
Thu May 12 22:04:08 UTC 2016
On 12/05/16 17:38 -0400, Nikhil Komawar wrote:
>Comments, alternate proposal inline.
>
>
>
>On 5/12/16 8:35 AM, Jeremy Stanley wrote:
>> On 2016-05-11 23:39:58 -0400 (-0400), Nikhil Komawar wrote:
>>> I would like to propose adding add Brian to the team.
>> [...]
>>
>> I'm thrilled to see Glance adding more security-minded reviewers for
>> embargoed vulnerability reports! One thing to keep in mind though is
>> that you need to keep the list of people with access to these
>> relatively small; I see
>> https://launchpad.net/~glance-coresec/+members has five members now.
>
>Thanks for raising this. Yes, we are worried about it too. But as you
>bring it up, it becomes even more important. A lot of Glancers time
>share with other projects and lack bandwidth to contribute fully to this
>responsibility. Currently, I do not know if anyone can be rotated out as
>we have had pretty good input from all the folks there.
>
>> While the size I picked in item #2 at
>> <URL: https://governance.openstack.org/reference/tags/vulnerability_managed.html#requirements >
>> is not meant to be a strict limit, you may still want to take this
>> as an opportunity to rotate out some of your less-active reviewers
>> (if there are any).
>>
>>
>
>Thanks for not being strict on it.
>
>I do however, want to make another proposal:
>
>
>Since Stuart is our VMT liaison and he's on hiatus, can we add Brian as
>his substitute. As soon as Stuart is back and is ready to shoulder this
>responsibility we should do the rotation.
>
>Please vote +1, 0, -1.
>
>I will consider final votes by Thur May 19 2100 UTC.
Can we ask Stuart if he's ok with us removing him from the coresec team? I think
he won't have time for it and it'd be irresponsible from us to send VMT bugs to
him at this point.
Cheers,
Flavio
--
@flaper87
Flavio Percoco
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160512/8ee5539f/attachment.pgp>
More information about the OpenStack-dev
mailing list