On Tue, May 30, 2017 at 3:43 PM, Ben Nemec <openst...@nemebean.com> wrote:
>
> On 05/30/2017 08:00 AM, Emilien Macchi wrote:
>>
>> On Mon, May 29, 2017 at 9:02 PM, Jeremy Stanley <fu...@yuggoth.org> wrote:
>>>
>>> On 2017-05-29 15:43:43 +0200 (+0200), Emilien Macchi wrote:
>>>>
>>>> On Wed, May 24, 2017 at 7:45 PM, Ben Nemec <openst...@nemebean.com>
>>>> wrote:
>>>
>>> [...]
>>>>>
>>>>> Emilien, I think we should create a tripleo-coresec group in
>>>>> launchpad that can be used for this. We have had
>>>>> tripleo-affecting security bugs in the past and I imagine we
>>>>> will again. I'm happy to help out with that, although I will
>>>>> admit my launchpad-fu is kind of weak so I don't know off the
>>>>> top of my head how to do it.
>>>>
>>>> That or re-use an existing Launchpad group used by OpenStack VMT?
>>>
>>> The OpenStack VMT doesn't triage bugs for deliverables aside from
>>> those tagged with vulnerability:managed in governance. For those we
>>> recommend private security bugs only be automatically shared with
>>> the openstack-vuln-mgmt team in LP, and then we manually subscribe
>>> something-coresec to the report once we're sure it was reported
>>> against the correct project. For deliverables without VMT oversight,
>>> it makes sense to have private security bugs automatically shared
>>> with those something-coresec teams directly.
>>>
>>> https://governance.openstack.org/tc/reference/tags/vulnerability_managed.html
>>
>> I created https://launchpad.net/~tripleo-coresec
>>
>> With me (Pacific Time soon), shardy (Europe), bnemec (East coast) and
>
> If by "coast" you mean the Great Lakes then yes, but I'm in the central time
> zone. ;-)

lol. I added James to cover (real) East coast, so we cover most of our TZs.

Thanks,

> Thanks for getting this set up guys.
>
>> fungi (East coast) for now. If we feel like we need more people we'll
>> think about it.
>> I'll explore Launchpad to see how we can use this group to handle Security
>> bugs.
>>
>> Thanks,
>>
>>> --
>>> Jeremy Stanley
>>>
>>> __________________________________________________________________________
>>> OpenStack Development Mailing List (not for usage questions)
>>> Unsubscribe:
>>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

--
Emilien Macchi