On 05/30/2017 10:05 AM, Emilien Macchi wrote:
On Tue, May 30, 2017 at 3:43 PM, Ben Nemec <[email protected]> wrote:
On 05/30/2017 08:00 AM, Emilien Macchi wrote:
On Mon, May 29, 2017 at 9:02 PM, Jeremy Stanley <[email protected]> wrote:
On 2017-05-29 15:43:43 +0200 (+0200), Emilien Macchi wrote:
On Wed, May 24, 2017 at 7:45 PM, Ben Nemec <[email protected]>
wrote:
[...]
Emilien, I think we should create a tripleo-coresec group in
launchpad that can be used for this. We have had
tripleo-affecting security bugs in the past and I imagine we
will again. I'm happy to help out with that, although I will
admit my launchpad-fu is kind of weak so I don't know off the
top of my head how to do it.
That or re-use an existing Launchpad group used by OpenStack VMT?
The OpenStack VMT doesn't triage bugs for deliverables aside from
those tagged with vulnerability:managed in governance. For those we
recommend private security bugs only be automatically shared with
the openstack-vuln-mgmt team in LP, and then we manually subscribe
something-coresec to the report once we're sure it was reported
against the correct project. For deliverables without VMT oversight,
it makes sense to have private security bugs automatically shared
with those something-coresec teams directly.
https://governance.openstack.org/tc/reference/tags/vulnerability_managed.html
I created https://launchpad.net/~tripleo-coresec
With me (Pacific Time soon), shardy (Europe), bnemec (East coast) and
If by "coast" you mean the Great Lakes then yes, but I'm in the central time
zone. ;-)
lol.
I added James to cover (real) East coast, so we cover most of our TZs.
Thanks,
Okay, so we're all set up, but now it appears we're all subscribed to
every tripleo bug as well. I think oslo-coresec used to be the same
way, but at some point it changed so I only get explicitly notified of
security bugs. Does anyone know how to set up tripleo-coresec that way
too? I've poked around the launchpad settings but I haven't found
anything that looks promising.
Thanks for getting this set up guys.
fungi (East coast) for now. If we feel like we need more people we'll
think about it.
I'll explore Launchpad to see how we can use this group to handle Security
bugs.
Thanks,
--
Jeremy Stanley
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe:
[email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
