[Openstack-security] OSSN-0013 ready for review
Clark, Robert Graham
robert.clark at hp.com
Mon May 5 21:06:59 UTC 2014
> -----Original Message-----
> From: Rob Crittenden [mailto:rcritten at redhat.com]
> Sent: 05 May 2014 22:04
> To: Bryan D. Payne; Nathan Kinder
> Cc: openstack-security at lists.openstack.org
> Subject: Re: [Openstack-security] OSSN-0013 ready for review
>
> Bryan D. Payne wrote:
> > I think it makes sense to assign the OSSN number as early as
possible.
> > If they are published out of order... I'm not too worried about
that.
>
> Yeah, I think that would follow the CVE model as well.
>
> rob
+1 No problem there. Grabbing the page on the wiki seems like an easy
way to do things.
>
> >
> >
> > On Mon, May 5, 2014 at 12:59 PM, Nathan Kinder <nkinder at redhat.com
> > <mailto:nkinder at redhat.com>> wrote:
> >
> >
> >
> > On 05/05/2014 12:39 PM, Bhandaru, Malini K wrote:
> > > We have two OSSN-0013s making their way!
> > > Need a better number reservation system. :-)
> >
> > Let's let Rob take OSSN-0013, and the one you are working on can
be
> > OSSN-0014.
> >
> > If we want to reserve a number, we could grab it on the OSSN
wiki page
> > ahead of time. My concern with this is that someone could grab
a
> > number to start writing a security note, then disappear for some
time
> > (or the issue takes a lot of back and forth to get through
review). In
> > the meantime, other notes might be written and published. This
will
> > result in the numbers being out of sequence. It's not the end
of the
> > world, but it is a bit confusing. This isn't a theoretical
situation
> > either, as OSSN-0010 was published after OSSN-0011 and
OSSN-0012:
> >
> > https://wiki.openstack.org/wiki/Security_Notes
> >
> > The alternative is that we assign the number at publishing time.
This
> > requires more diligence at patch approval time to ensure that we
don't
> > duplicate a number and might require patch rework to renumber
things
> > (which is what we're going through right now).
> >
> > What preferences do others have on this?
> >
> > Thanks,
> > -NGK
> >
> > > Malini
> > >
> > > -----Original Message-----
> > > From: Clark, Robert Graham [mailto:robert.clark at hp.com
> > <mailto:robert.clark at hp.com>]
> > > Sent: Friday, May 02, 2014 1:51 AM
> > > To: openstack-security at lists.openstack.org
> > <mailto:openstack-security at lists.openstack.org>
> > > Subject: [Openstack-security] OSSN-0013 ready for review
> > >
> > > https://review.openstack.org/#/c/91755/
> > >
> > > _______________________________________________
> > > Openstack-security mailing list
> > > Openstack-security at lists.openstack.org
> > <mailto:Openstack-security at lists.openstack.org>
> > >
> >
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
> > >
> > > _______________________________________________
> > > Openstack-security mailing list
> > > Openstack-security at lists.openstack.org
> > <mailto:Openstack-security at lists.openstack.org>
> > >
> >
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
> > >
> >
> > _______________________________________________
> > Openstack-security mailing list
> > Openstack-security at lists.openstack.org
> > <mailto:Openstack-security at lists.openstack.org>
> >
> >
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
> >
> >
> >
> >
> > _______________________________________________
> > Openstack-security mailing list
> > Openstack-security at lists.openstack.org
> >
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
> >
>
>
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6187 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20140505/cad572d7/attachment.bin>
More information about the Openstack-security
mailing list