[security-sig][cinder] propose vulnerability:managed tag for os-brick
Brian Rosmaita
rosmaita.fossdev at gmail.com
Fri Jun 4 13:52:06 UTC 2021
I've posted a patch to add the 'vulnerablity:managed' tag to the
os-brick library:
https://review.opendev.org/c/openstack/governance/+/794680
I just want to give a heads-up to the OpenStack Vulnerablity Management
Team, since this will impact the VMT, though hopefully not very much.
The Cinder team was under the impression that the VMT was already
managing private security bugs for os-brick. The issue may not have
come up before because usually there's a driver + connector involved and
the bug gets filed under cinder (which is already tagged
vulnerablity:managed).
In any case, the cinder team discussed this at our recent midcycle
meeting and decided that we appreciate the extra eyes and long-term
perspective the VMT brings to the table, and we'd like to formalize a
relation between the VMT and the os-brick library.
cheers,
brian
More information about the openstack-discuss
mailing list