Open Stack

On 5/12/16 5:38 PM, Nikhil Komawar wrote:
> Comments, alternate proposal inline.
>
>
>
> On 5/12/16 8:35 AM, Jeremy Stanley wrote:
>> On 2016-05-11 23:39:58 -0400 (-0400), Nikhil Komawar wrote:
>>> I would like to propose adding add Brian to the team.
>> [...]
>>
>> I'm thrilled to see Glance adding more security-minded reviewers for
>> embargoed vulnerability reports! One thing to keep in mind though is
>> that you need to keep the list of people with access to these
>> relatively small; I see
>> https://launchpad.net/~glance-coresec/+members has five members now.
> Thanks for raising this. Yes, we are worried about it too. But as you
> bring it up, it becomes even more important. A lot of Glancers time
> share with other projects and lack bandwidth to contribute fully to this
> responsibility. Currently, I do not know if anyone can be rotated out as
> we have had pretty good input from all the folks there.
>
>> While the size I picked in item #2 at
>> <URL: https://governance.openstack.org/reference/tags/vulnerability_managed.html#requirements >
>> is not meant to be a strict limit, you may still want to take this
>> as an opportunity to rotate out some of your less-active reviewers
>> (if there are any).
>>
>>
> Thanks for not being strict on it.
>
> I do however, want to make another proposal:
>
>
> Since Stuart is our VMT liaison and he's on hiatus, can we add Brian as
> his substitute. As soon as Stuart is back and is ready to shoulder this
> responsibility we should do the rotation.


As per the proposal, +1s and no objections raised, I've made the
substitution.

Please note, however, after talking with Brian and Hemanth, Hemanth has
signed up to be Glance liaison to the VMT team along with me. I've
updated the wiki:
https://wiki.openstack.org/wiki/CrossProjectLiaisons#Vulnerability_management


>
> Please vote +1, 0, -1.
>
> I will consider final votes by Thur May 19 2100 UTC.
>

-- 

Thanks,
Nikhil