[openstack-dev] [glance] [VMT] [Security] Proposal to add Brian Rosmaita to the glance-coresec team

Nikhil Komawar nik.komawar at gmail.com
Thu May 12 22:21:17 UTC 2016



On 5/12/16 6:19 PM, Nikhil Komawar wrote:
>
>
> On 5/12/16 6:04 PM, Flavio Percoco wrote:
>> On 12/05/16 17:38 -0400, Nikhil Komawar wrote:
>>> Comments, alternate proposal inline.
>>>
>>>
>>>
>>> On 5/12/16 8:35 AM, Jeremy Stanley wrote:
>>>> On 2016-05-11 23:39:58 -0400 (-0400), Nikhil Komawar wrote:
>>>>> I would like to propose adding Brian to the team.
>>>> [...]
>>>>
>>>> I'm thrilled to see Glance adding more security-minded reviewers for
>>>> embargoed vulnerability reports! One thing to keep in mind though is
>>>> that you need to keep the list of people with access to these
>>>> relatively small; I see
>>>> https://launchpad.net/~glance-coresec/+members has five members now.
>>>
>>> Thanks for raising this. Yes, we are worried about it too. But as you
>>> bring it up, it becomes even more important. A lot of Glancers time
>>> share with other projects and lack bandwidth to contribute fully to
>>> this responsibility. Currently, I do not know if anyone can be rotated
>>> out as we have had pretty good input from all the folks there.
>>>
>>>> While the size I picked in item #2 at
>>>> <URL: https://governance.openstack.org/reference/tags/vulnerability_managed.html#requirements >
>>>> is not meant to be a strict limit, you may still want to take this
>>>> as an opportunity to rotate out some of your less-active reviewers
>>>> (if there are any).
>>>>
>>>>
>>>
>>> Thanks for not being strict on it.
>>>
>>> I do, however, want to make another proposal:
>>>
>>>
>>> Since Stuart is our VMT liaison and he's on hiatus, can we add Brian as
>>> his substitute? As soon as Stuart is back and is ready to shoulder this
>>> responsibility we should do the rotation.
>>>
>>> Please vote +1, 0, -1.
>>>
>>> I will consider final votes by Thur May 19 2100 UTC.
>>
>>
>> Can we ask Stuart if he's ok with us removing him from the coresec
>> team? I think he won't have time for it and it'd be irresponsible of
>> us to send VMT bugs to him at this point.
>>

I just realized we both meant the same thing, my description wasn't too
clear though on what I meant as rotation.

>
> Confirmation enqueue.
>
>> Cheers,
>> Flavio
>>
>>
>>
>
> -- 
>
> Thanks,
> Nikhil

-- 

Thanks,
Nikhil
