[Openstack-security] OSSN-0013 ready for review
Nathan Kinder
nkinder at redhat.com
Mon May 5 21:16:22 UTC 2014
On 05/05/2014 02:06 PM, Clark, Robert Graham wrote:
>> -----Original Message-----
>> From: Rob Crittenden [mailto:rcritten at redhat.com]
>> Sent: 05 May 2014 22:04
>> To: Bryan D. Payne; Nathan Kinder
>> Cc: openstack-security at lists.openstack.org
>> Subject: Re: [Openstack-security] OSSN-0013 ready for review
>>
>> Bryan D. Payne wrote:
>>> I think it makes sense to assign the OSSN number as early as possible.
>>> If they are published out of order... I'm not too worried about that.
>>
>> Yeah, I think that would follow the CVE model as well.
>>
>> rob
>
> +1 No problem there. Grabbing the page on the wiki seems like an easy
> way to do things.
Works for me. I'll add a note to the "Security Note Process" page [1]
that covers this. Thanks to everyone for weighing in on this.
Thanks
-NGK
[1] https://wiki.openstack.org/wiki/Security/Security_Note_Process
>
>
>>
>>>
>>>
>>> On Mon, May 5, 2014 at 12:59 PM, Nathan Kinder <nkinder at redhat.com> wrote:
>>>
>>>
>>>
>>> On 05/05/2014 12:39 PM, Bhandaru, Malini K wrote:
>>> > We have two OSSN-0013s making their way!
>>> > Need a better number reservation system. :-)
>>>
>>> Let's let Rob take OSSN-0013, and the one you are working on can be
>>> OSSN-0014.
>>>
>>> If we want to reserve a number, we could grab it on the OSSN wiki page
>>> ahead of time. My concern with this is that someone could grab a
>>> number to start writing a security note, then disappear for some time
>>> (or the issue takes a lot of back and forth to get through review). In
>>> the meantime, other notes might be written and published. This will
>>> result in the numbers being out of sequence. It's not the end of the
>>> world, but it is a bit confusing. This isn't a theoretical situation
>>> either, as OSSN-0010 was published after OSSN-0011 and OSSN-0012:
>>>
>>> https://wiki.openstack.org/wiki/Security_Notes
>>>
>>> The alternative is that we assign the number at publishing time. This
>>> requires more diligence at patch approval time to ensure that we don't
>>> duplicate a number and might require patch rework to renumber things
>>> (which is what we're going through right now).
>>>
>>> What preferences do others have on this?
>>>
>>> Thanks,
>>> -NGK
>>>
>>> > Malini
>>> >
>>> > -----Original Message-----
>>> > From: Clark, Robert Graham [mailto:robert.clark at hp.com]
>>> > Sent: Friday, May 02, 2014 1:51 AM
>>> > To: openstack-security at lists.openstack.org
>>> > Subject: [Openstack-security] OSSN-0013 ready for review
>>> >
>>> > https://review.openstack.org/#/c/91755/
>>> >
>>> > _______________________________________________
>>> > Openstack-security mailing list
>>> > Openstack-security at lists.openstack.org
>>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>>> >