[Openstack] Vulnerability Management concerns: negativity & count

Lloyd Dewolf lloydostack at gmail.com
Thu Nov 24 17:04:10 UTC 2011


On Thu, Nov 24, 2011 at 7:30 AM, Thierry Carrez <thierry at openstack.org> wrote:
> I want to turn the question around: why do *you* want more ?
I don't think you are implying it, but just to snuff out any thought:
I'm completely comfortable speaking for Piston Cloud that if by some
craziness adjusting this policy to better serve the project required
that Piston Cloud *never* was a member of the vulnerability group, I'm
certain I can get sign-off on that.
I feel like you might have accidentally skipped in your quoting at least
one of my questions. What is the successful three-person, email-based
implementation this is based on?
Actually, really though, that question was only for my own interest and
doesn't matter. The argument ends at: three humans do not *physically*
have the coverage to *ensure* timely *initial* response, particularly
from a sophisticated bad actor.
There might not be as many reports as I think, but the issues will
have the potential of being magnitudes more complex than Firefox
issues. And it will only take one, the first disaster, to set back
OpenStack, and potentially kill off a member organization's ability to
participate in OpenStack -- I hadn't considered that previously, it
is dramatic, but thinking on it, we are not talking little leagues
here, and I imagine a lot of people have put themselves on the line to
get behind OpenStack.
So assuming we want to focus on it being hard coded at a number, what
would the number be, and what would the list look like if the
requirement is: three -- the magic number -- members "usually"
covering each hour including weekends.

The process to come up with this list might look like:
1. Revisit who are the top candidate volunteers.
2. Put their "usual" work day on a calendar including *weekends*. No
healthy person works the same 8hrs seven days a week, so no one better
claim they do ;-)
2.a Only allow each candidate volunteer to identify 8hrs per day.

Come up with the minimum list with density of at least three at each hour.
Thank you,
Lloyd
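The coverage calculation Lloyd sketches above (a 7-day by 24-hour calendar, at most 8 hours claimed per volunteer per day, and a "density" of at least three responders in every hour) is easy to check mechanically. The script below is an added example and is not part of the original thread or the OpenStack vulnerability team's process; the roster in it is constructed, the names are invented, and the choice of UTC hours and Monday=0 weekday numbering is an assumption. It validates the 8-hour rule, reports the calendar slots that fall below the required density, and brute-forces the smallest subset of volunteers that still covers every hour (fine for a roster of a dozen or so candidates).

```python
"""Check on-call coverage density for a vulnerability response roster.

Added example, not OpenStack's actual roster or tooling. Assumptions:
times are UTC, weekdays are 0=Mon .. 6=Sun, and a volunteer's availability
on a day is a half-open hour range (start, end) that may wrap past midnight.
"""
from itertools import combinations

DAYS = 7
HOURS = 24
MAX_HOURS_PER_DAY = 8      # rule 2.a: nobody may claim more than 8h/day
REQUIRED_DENSITY = 3       # "the magic number": three people every hour


def shift(start, end, days=range(DAYS)):
    """Same (start, end) UTC range on each listed weekday."""
    return {d: (start, end) for d in days}


# Constructed roster (invented names). Nine people in three shifts cover
# every hour three deep; "judy" is an extra weekday-only volunteer.
ROSTER = {
    "alice": shift(0, 8), "bob": shift(0, 8), "carol": shift(0, 8),
    "dave": shift(8, 16), "erin": shift(8, 16), "frank": shift(8, 16),
    "grace": shift(16, 24), "heidi": shift(16, 24), "ivan": shift(16, 24),
    "judy": shift(8, 16, days=range(5)),          # Mon-Fri only
}

# Same roster, but carol drops her weekend shifts: a gap appears.
WEEKEND_GAP_ROSTER = dict(ROSTER)
WEEKEND_GAP_ROSTER["carol"] = shift(0, 8, days=range(5))


def hours_for(start, end):
    """Set of UTC hours in [start, end), wrapping across midnight if needed."""
    if start <= end:
        return set(range(start, end))
    return set(range(start, HOURS)) | set(range(0, end))


def validate_roster(roster):
    """Enforce rule 2.a; raise if anyone claims more than 8h on any day."""
    for name, days in roster.items():
        for day, (s, e) in days.items():
            claimed = len(hours_for(s, e))
            if claimed > MAX_HOURS_PER_DAY:
                raise ValueError(f"{name} claims {claimed}h on weekday {day}")
    return True


def coverage_grid(roster, names=None):
    """7x24 grid: how many of the chosen volunteers are available each hour."""
    names = list(roster) if names is None else names
    grid = [[0] * HOURS for _ in range(DAYS)]
    for name in names:
        for day, (s, e) in roster[name].items():
            for h in hours_for(s, e):
                grid[day][h] += 1
    return grid


def gaps(grid, required=REQUIRED_DENSITY):
    """(weekday, hour) slots with fewer than `required` people on hand."""
    return [(d, h) for d in range(DAYS) for h in range(HOURS)
            if grid[d][h] < required]


def minimum_team(roster, required=REQUIRED_DENSITY):
    """Smallest subset of volunteers with no gaps, or None if the full
    roster itself cannot reach the required density. Brute force over
    subsets, which is fine for rosters of a dozen or so candidates."""
    names = list(roster)
    if gaps(coverage_grid(roster), required):
        return None
    for k in range(1, len(names) + 1):
        for subset in combinations(names, k):
            if not gaps(coverage_grid(roster, subset), required):
                return list(subset)
    return None


if __name__ == "__main__":
    for label, roster in (("full roster", ROSTER),
                          ("carol weekdays only", WEEKEND_GAP_ROSTER)):
        validate_roster(roster)
        missing = gaps(coverage_grid(roster))
        print(f"{label}: {len(missing)} under-covered hour slots")
        team = minimum_team(roster)
        print("  minimum team:", team if team else "no subset reaches density 3")
```

With 8-hour claims and a density of three, 24 hours a day needs 72 person-hours, so nine volunteers is the floor no matter how the shifts are arranged; the script finds that nine-person subset from the ten-person roster and shows that a single volunteer dropping weekends leaves sixteen under-covered slots that no subset can repair.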
