[openstack-dev] [security] Security SIG

Jeremy Stanley fungi at yuggoth.org
Fri Oct 27 17:08:57 UTC 2017

On 2017-10-27 15:30:34 +0200 (+0200), Thierry Carrez wrote:
> I think the Security project team would benefit from becoming a
> proper SIG.

I tend to agree, though it's worth also considering what the
implications are for vulnerability management under the new model.
The VMT tended to act as an independent task force in the
beforetime, until the big t^W^Wproject reform of 2014, and then
allied itself with the newly-formed Security Team while continuing
operation autonomously under a fairly independent mandate. Does this
still make sense in a Security SIG context, or should we be
considering alternative (perhaps more formal?) governance for the
VMT in that scenario? I don't have especially cogent thoughts around
this yet, so interested to hear what others in the community think.
Jeremy Stanley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: Digital signature
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20171027/013f1a03/attachment.sig>

More information about the OpenStack-dev mailing list