Open Stack

On 5/12/16 8:44 PM, Jeremy Stanley wrote:
> On 2016-05-12 17:38:22 -0400 (-0400), Nikhil Komawar wrote:
>> On 5/12/16 8:35 AM, Jeremy Stanley wrote:
> [...]
>>> While the size I picked in item #2 at
>>> <URL: https://governance.openstack.org/reference/tags/vulnerability_managed.html#requirements >
>>> is not meant to be a strict limit, you may still want to take this
>>> as an opportunity to rotate out some of your less-active reviewers
>>> (if there are any).
>> Thanks for not being strict on it.
> It's also possible this is an indication that we put the recommended
> cap too low, and should revisit it. I'll bring it up with other VMT
> members. I sort of picked that number out of the air... it seemed
> reasonable based on a survey of the sizes of some other supported
> projects' -coresec teams, but that's certainly worth revisiting.

+1 on re-iterating on the number

>> I do however, want to make another proposal:
>>
>> Since Stuart is our VMT liaison and he's on hiatus, can we add Brian as
>> his substitute. As soon as Stuart is back and is ready to shoulder this
>> responsibility we should do the rotation.
> [...]
>
> This seems fine. It does make sense to not expose embargoed
> vulnerabilities to (even temporarily) inactive team members, as a
> matter of hygiene.

-- 

Thanks,
Nikhil

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160512/e44159cf/attachment.html>