[openstack-dev] [security] [telemetry] How to handle security bugs

Adam Heczko aheczko at mirantis.com
Tue Jan 17 13:14:06 UTC 2017


Hi Julien, I think that you should follow this [1] workflow.

TL;DR: Pls make sure that if the bug is serious make it private on LP so
that only core team members can access it and propose patches. Please do
not send patches to Gerrit review queue but rather attach it to LP bug
ticket and discuss there. Contact VMT members to get more details on how to
get Telemetry project covered by VMT.

[1] https://security.openstack.org/vmt-process.html

On Tue, Jan 17, 2017 at 1:26 PM, Julien Danjou <julien at danjou.info> wrote:

> Hi,
>
> I've asked on #openstack-security without success, so let me try here
> insteead:
>
> We, Telemetry, have a security bug and we're not managed by VMT, any
> hint as how to handle our bug? Or how to get covered by VMT? 😊
>
> Cheers,
> --
> Julien Danjou
> /* Free Software hacker
>    https://julien.danjou.info */
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>


-- 
Adam Heczko
Security Engineer @ Mirantis Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170117/b7d0176e/attachment.html>


More information about the OpenStack-dev mailing list