[openstack-dev] [glance] [VMT] [Security] Proposal to add Brian Rosmaita to the glance-coresec team

Flavio Percoco flavio at redhat.com
Thu May 12 22:21:23 UTC 2016 

On 12/05/16 18:21 -0400, Nikhil Komawar wrote:
>
>
>On 5/12/16 6:19 PM, Nikhil Komawar wrote:
>
>
>
>    On 5/12/16 6:04 PM, Flavio Percoco wrote:
>
>        On 12/05/16 17:38 -0400, Nikhil Komawar wrote:
>
>            Comments, alternate proposal inline.
>
>
>
>            On 5/12/16 8:35 AM, Jeremy Stanley wrote:
>
>                On 2016-05-11 23:39:58 -0400 (-0400), Nikhil Komawar wrote:
>
>                    I would like to propose adding add Brian to the team.
>
>                [...]
>
>                I'm thrilled to see Glance adding more security-minded
>                reviewers for
>                embargoed vulnerability reports! One thing to keep in mind
>                though is
>                that you need to keep the list of people with access to these
>                relatively small; I see
>                https://launchpad.net/~glance-coresec/+members has five members
>                now.
>
>
>            Thanks for raising this. Yes, we are worried about it too. But as
>            you
>            bring it up, it becomes even more important. A lot of Glancers time
>            share with other projects and lack bandwidth to contribute fully to
>            this
>            responsibility. Currently, I do not know if anyone can be rotated
>            out as
>            we have had pretty good input from all the folks there.
>
>
>                While the size I picked in item #2 at
>                <URL: https://governance.openstack.org/reference/tags/
>                vulnerability_managed.html#requirements >
>                is not meant to be a strict limit, you may still want to take
>                this
>                as an opportunity to rotate out some of your less-active
>                reviewers
>                (if there are any).
>
>
>
>
>            Thanks for not being strict on it.
>
>            I do however, want to make another proposal:
>
>
>            Since Stuart is our VMT liaison and he's on hiatus, can we add
>            Brian as
>            his substitute. As soon as Stuart is back and is ready to shoulder
>            this
>            responsibility we should do the rotation.
>
>            Please vote +1, 0, -1.
>
>            I will consider final votes by Thur May 19 2100 UTC.
>
>
>
>        Can we ask Stuart if he's ok with us removing him from the coresec
>        team? I think
>        he won't have time for it and it'd be irresponsible from us to send VMT
>        bugs to
>        him at this point.
>
>
>
>I just realized we both meant the same thing, my description wasn't too clear
>though on what I meant as rotation.

Ah-ha! Gotcha! then +1 from me too :)

>
>
>    Confirmation enqueue.
>
>
>        Cheers,
>        Flavio
>
>
>       
>
>        __________________________________________________________________________
>        OpenStack Development Mailing List (not for usage questions)
>        Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>        http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>    --
>
>    Thanks,
>    Nikhil
>
>
>--
>
>Thanks,
>Nikhil
>

-- 
@flaper87
Flavio Percoco
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160512/deb2866f/attachment.pgp>

More information about the OpenStack-dev mailing list