[Openstack-security] OSSN-0013 ready for review
Rob Crittenden
rcritten at redhat.com
Mon May 5 21:04:08 UTC 2014
Bryan D. Payne wrote:
> I think it makes sense to assign the OSSN number as early as possible.
> If they are published out of order... I'm not too worried about that.
Yeah, I think that would follow the CVE model as well.
rob
>
>
> On Mon, May 5, 2014 at 12:59 PM, Nathan Kinder <nkinder at redhat.com
> <mailto:nkinder at redhat.com>> wrote:
>
>
>
> On 05/05/2014 12:39 PM, Bhandaru, Malini K wrote:
> > We have two OSSN-0013s making their way!
> > Need a better number reservation system. :-)
>
> Let's let Rob take OSSN-0013, and the one you are working on can be
> OSSN-0014.
>
> If we want to reserve a number, we could grab it on the OSSN wiki page
> ahead of time. My concern with this is that someone could grab a
> number to start writing a security note, then disappear for some time
> (or the issue takes a lot of back and forth to get through review). In
> the meantime, other notes might be written and published. This will
> result in the numbers being out of sequence. It's not the end of the
> world, but it is a bit confusing. This isn't a theoretical situation
> either, as OSSN-0010 was published after OSSN-0011 and OSSN-0012:
>
> https://wiki.openstack.org/wiki/Security_Notes
>
> The alternative is that we assign the number at publishing time. This
> requires more diligence at patch approval time to ensure that we don't
> duplicate a number and might require patch rework to renumber things
> (which is what we're going through right now).
>
> What preferences do others have on this?
>
> Thanks,
> -NGK
>
> > Malini
> >
> > -----Original Message-----
> > From: Clark, Robert Graham [mailto:robert.clark at hp.com
> <mailto:robert.clark at hp.com>]
> > Sent: Friday, May 02, 2014 1:51 AM
> > To: openstack-security at lists.openstack.org
> <mailto:openstack-security at lists.openstack.org>
> > Subject: [Openstack-security] OSSN-0013 ready for review
> >
> > https://review.openstack.org/#/c/91755/
> >
> > _______________________________________________
> > Openstack-security mailing list
> > Openstack-security at lists.openstack.org
> <mailto:Openstack-security at lists.openstack.org>
> >
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
> >
> > _______________________________________________
> > Openstack-security mailing list
> > Openstack-security at lists.openstack.org
> <mailto:Openstack-security at lists.openstack.org>
> >
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
> >
>
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> <mailto:Openstack-security at lists.openstack.org>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
>
>
>
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
More information about the Openstack-security
mailing list