[security][ironic] Ironic + the VMT
Jay Faulkner
jay at gr-oss.io
Mon Feb 27 16:16:50 UTC 2023
Hey all,
A recent topic at Ironic meetings the last couple of weeks have been around
vulnerability management. Ironic has not been using the OpenStack VMT
traditionally; for reasons that AFAICT are lost to time.
Is there any reason Ironic should not be vulnerability-managed? Is the
security team willing to have us?
The only potential complication is that Ironic may receive reports for
vendor libraries used by Ironic but not maintained by Ironic -- I was
hoping there might already be some historical precedent for how we handle
those; it can't be that unique to Ironic.
What do folks think?
Thanks,
Jay Faulkner
Ironic PTL
TC Member
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230227/1116396c/attachment.htm>
More information about the openstack-discuss
mailing list