[openstack-dev] [security] [telemetry] How to handle security bugs

Rob C hyakuhei at gmail.com
Tue Jan 17 13:38:40 UTC 2017


You've done the right thing by posting here with the [Security] tag.

Ian has provided advice on how you might become security managed, which
is a good aspiration for any team to have.

However, if you have a serious security issue that you need help mitigating,
the security project can help. We can work with you on the solution and also
issue an OpenStack Security Note to notify users of the update/patch that
they might need to apply.

Please go ahead and add me to the security bug; if required, I'll add other
core-sec people.

Cheers
-Rob



On Tue, Jan 17, 2017 at 1:14 PM, Adam Heczko <aheczko at mirantis.com> wrote:

> Hi Julien, I think that you should follow this [1] workflow.
>
> TL;DR: Please make sure that, if the bug is serious, you make it private on
> LP so that only core team members can access it and propose patches. Please
> do not send patches to the Gerrit review queue but rather attach them to the
> LP bug ticket and discuss there. Contact VMT members to get more details on
> how to get the Telemetry project covered by VMT.
>
> [1] https://security.openstack.org/vmt-process.html
>
> On Tue, Jan 17, 2017 at 1:26 PM, Julien Danjou <julien at danjou.info> wrote:
>
>> Hi,
>>
>> I've asked on #openstack-security without success, so let me try here
>> instead:
>>
>> We, Telemetry, have a security bug and we're not managed by VMT, any
>> hint as how to handle our bug? Or how to get covered by VMT? 😊
>>
>> Cheers,
>> --
>> Julien Danjou
>> /* Free Software hacker
>>    https://julien.danjou.info */
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
>
> --
> Adam Heczko
> Security Engineer @ Mirantis Inc.