On 2013-11-18 11:27:28 -0800 (-0800), Sriram Subramanian wrote: > Thanks for the initiative. We at the OpenStack Security Group are > doing large part of these tasks now and are looking for more help > (particularly around reviews from people that are intimate to the > project internals). Here are some pointers on how to get involved. > You probably are inviting more volunteers for OSSG, I am just > trying to make it clearer. If not, we need to work to make sure > the efforts are aligned and not duplicated.
As I understood his initial E-mail, he's looking for experienced Nova core reviewers with some background in security so that the vulnerability management team can use them as an initial point of contact to help develop, backport or review proposed fixes for embargoed security vulnerabilities prior to their announcement. Note that this is not something we're (VMT hat on) only seeking from Nova. All the official OpenStack projects which receive security support are strongly encouraged to groom core security developers/reviewers so that we can have some redundancy and additional bandwidth on those sorts of interactions (rather than now where we usually just contact the PTL and hope he/she is around). As discussed at the summit, we're going to work on putting together a more detailed prerequisites list for determining whether a given project is under security support. https://etherpad.openstack.org/p/IcehouseVMT -- Jeremy Stanley _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev