[openstack-dev] [all] [security] Security SIG

Luke Hinds lhinds at redhat.com
Thu Dec 14 17:30:16 UTC 2017

Hi All,

Following on from the mailing list discussion [0], we now plan to change
the Security Project into a Special Interest Group (The Security SIG).

SIGs are a good match for an activity that centers around a topic or
practice that spans all the community (developers, operators, end
users...), by forming a guild of people with a shared interest. This rings
especially true for security, where changes are often needed cross-project
and not in a silo. A SIG will also (we hope) encourage more user / operator
involvement and lead to discussions of field centric security pains, which
can then be realised as specs and code.

One key point , there will be no change in our overall operations and
working structure. We will still continue to manage and care for the
Security Guide, OSSNs, Bandit, Threat Reviews, Syntribos as well as
encourage and incubate new security projects. We will of course also
continue to work with the VMT, and will keep a Sec-Core group for launchpad
that can work with embargoed issues.

The plan is to make the change at the coming release juncture (Queens ->

Shortly I will follow up with a PTG planning etherpad with a view to
encourage projects and operators / users to seed security related
discussions within the SIGs PTG room. We will also perform an s/Security
Group/Security SIG in the docs and Wiki around the time of the PTG / post
Queens release.


Best Regards,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20171214/425f3d39/attachment.html>

More information about the OpenStack-dev mailing list