Hi Nigel, There are two forms of security notification that come out of the OpenStack project. OpenStack Security Advisories and OpenStack Security Notes (OSSA and OSSN respectively). An OSSA is a significant issue in the OpenStack code base and is typically accompanied by the relevant patch for the vulnerability in the supported releases that are affected. OSSAs are created by the VMT https://wiki.openstack.org/wiki/Vulnerability_Management and are announced on the openstack-announce mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-announce OSSNs are 'security notes' - created by the OpenStack Security Group to address security issues that didn't qualify for an OSSA - perhaps because they relate to an issue that won't be fixed etc. They are announced on openstack-dev and here on openstack-security. Hope this helps -Rob > -----Original Message----- > From: Nigel Horne [mailto:hornenj at ncbi.nlm.nih.gov] > Sent: 30 May 2014 13:39 > To: openstack-security at lists.openstack.org > Subject: [Openstack-security] OSSN Advisories > > I have a question about how advisories are publicised. > > Is there a separate announce e-mail list, such as that at > http://lists.centos.org/pipermail/centos-announce/2014-May/subject.html? > If so it would help tremendously because I could write a program to > automate parsing and create a Jira ticket when something is announced > (which is what I do with the CentOS list). > > Thanks. > > -Nigel > > _______________________________________________ > Openstack-security mailing list > Openstack-security at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6187 bytes Desc: not available URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20140530/cf195e5b/attachment.bin>