On 2021-03-11 09:46:47 -0800 (-0800), Dan Smith wrote: [...] > It might be good if we can amend the recommendation to explain the > impact of disabling everything on Horizon, along with the recommendation > to restrict creation to admin-only and audit. Not sure what the > procedure is for that. The recommendation is in a wiki article[1] (in the form of an OSSN document), so can be freely edited. But if someone makes significant updates to the recommendation then we should probably also send an errata announcement to the openstack-announce and openstack-discuss mailing lists detailing what's changed since initial publication. The OSSN process[2] doesn't mandate any particular errata steps, but we can use our own judgement to determine what may be additionally worth announcing/updating for it. [1] https://wiki.openstack.org/wiki/OSSN/OSSN-0088 [2] https://wiki.openstack.org/wiki/Security/Security_Note_Process -- Jeremy Stanley -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20210311/8ebabd6b/attachment.sig>