On 2016-03-03 23:57:04 +0000 (+0000), Steven Dake (stdake) wrote:
[...]
> If anything in this email is wrong, feel free to correct me and
> get us on the right track.
[...]

Sounds on track to me. The goal of having some guidelines for this was mainly just to try and avoid the VMT taking responsibility for a project and then immediately having it become a huge burden due to obvious latent vulnerabilities, lack of subject matter expert developers available to triage those which do get reported, et cetera. It's an attempt to ensure some up-front due diligence so that we're not taking on more than we can reasonably handle, since the VMT is by design a constrained team centrally assigning identifiers, tracking the state of outstanding embargoes and privately curating impact descriptions for later inclusion in public advisories.

--
Jeremy Stanley
OpenStack Development Mailing List (not for usage questions)