Greetings, I'm on a quest to address Nova's project management growing pains and to make sure the Nova PTL is never an unnecessary bottleneck. One area that has been identified as needing a small team is handling Nova security vulnerability reports.
We have the nova-coresec team on launchpad [1], which is currently all of nova-core. We need to re-work this to be a small subset of nova-core that is specifically interested in being the primary contacts for security issues. These people will be responsible for: 1) Helping determine if a report is legitimate 2) Pulling in the right expertise as necessary to analyze and/or fix a problem 3) Helping develop fixes for security issues 4) Helping to review security fixes (they must be reviewed in advance, before going to gerrit, because the patches are under embargo) I'm happy to be on this team, but I would like a few people with broad expertise to help out. For more information on the vulnerability management process, see [2]. Who's in? [1] https://launchpad.net/~nova-coresec [2] https://wiki.openstack.org/wiki/Vulnerability_Management -- Russell Bryant _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev