On 05/30/2017 08:00 AM, Emilien Macchi wrote:
On Mon, May 29, 2017 at 9:02 PM, Jeremy Stanley <fu...@yuggoth.org> wrote:
On 2017-05-29 15:43:43 +0200 (+0200), Emilien Macchi wrote:
On Wed, May 24, 2017 at 7:45 PM, Ben Nemec <openst...@nemebean.com> wrote:
[...]
Emilien, I think we should create a tripleo-coresec group in
launchpad that can be used for this. We have had
tripleo-affecting security bugs in the past and I imagine we
will again. I'm happy to help out with that, although I will
admit my launchpad-fu is kind of weak so I don't know off the
top of my head how to do it.

That or re-use an existing Launchpad group used by OpenStack VMT?

The OpenStack VMT doesn't triage bugs for deliverables aside from
those tagged with vulnerability:managed in governance. For those we
recommend private security bugs only be automatically shared with
the openstack-vuln-mgmt team in LP, and then we manually subscribe
something-coresec to the report once we're sure it was reported
against the correct project. For deliverables without VMT oversight,
it makes sense to have private security bugs automatically shared
with those something-coresec teams directly.

https://governance.openstack.org/tc/reference/tags/vulnerability_managed.html

I created https://launchpad.net/~tripleo-coresec

With me (Pacific Time soon), shardy (Europe), bnemec (East coast) and

If by "coast" you mean the Great Lakes then yes, but I'm in the central time zone. ;-)

Thanks for getting this set up, guys.

fungi (East coast) for now. If we feel like we need more people we'll
think about it.
I'll explore Launchpad to see how we can use this group to handle Security bugs.

Thanks,

--
Jeremy Stanley

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




