[openstack-dev] Security bug in diskimage-builder
Jeremy Stanley
fungi at yuggoth.org
Mon May 29 19:02:59 UTC 2017
On 2017-05-29 15:43:43 +0200 (+0200), Emilien Macchi wrote:
> On Wed, May 24, 2017 at 7:45 PM, Ben Nemec <openstack at nemebean.com> wrote:
[...]
> > Emilien, I think we should create a tripleo-coresec group in
> > launchpad that can be used for this. We have had
> > tripleo-affecting security bugs in the past and I imagine we
> > will again. I'm happy to help out with that, although I will
> > admit my launchpad-fu is kind of weak so I don't know off the
> > top of my head how to do it.
>
> That or re-use an existing Launchpad group used by OpenStack VMT?
The OpenStack VMT doesn't triage bugs for deliverables aside from
those tagged with vulnerability:managed in governance. For those we
recommend private security bugs only be automatically shared with
the openstack-vuln-mgmt team in LP, and then we manually subscribe
something-coresec to the report once we're sure it was reported
against the correct project. For deliverables without VMT oversight,
it makes sense to have private security bugs automatically shared
with those something-coresec teams directly.
https://governance.openstack.org/tc/reference/tags/vulnerability_managed.html
--
Jeremy Stanley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: Digital signature
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170529/de3921aa/attachment.sig>
More information about the OpenStack-dev
mailing list