On 5/12/16 8:44 PM, Jeremy Stanley wrote: > On 2016-05-12 17:38:22 -0400 (-0400), Nikhil Komawar wrote: >> On 5/12/16 8:35 AM, Jeremy Stanley wrote: > [...] >>> While the size I picked in item #2 at >>> <URL: >>> https://governance.openstack.org/reference/tags/vulnerability_managed.html#requirements >>> > >>> is not meant to be a strict limit, you may still want to take this >>> as an opportunity to rotate out some of your less-active reviewers >>> (if there are any). >> Thanks for not being strict on it. > It's also possible this is an indication that we put the recommended > cap too low, and should revisit it. I'll bring it up with other VMT > members. I sort of picked that number out of the air... it seemed > reasonable based on a survey of the sizes of some other supported > projects' -coresec teams, but that's certainly worth revisiting.
+1 on re-iterating on the number >> I do however, want to make another proposal: >> >> Since Stuart is our VMT liaison and he's on hiatus, can we add Brian as >> his substitute. As soon as Stuart is back and is ready to shoulder this >> responsibility we should do the rotation. > [...] > > This seems fine. It does make sense to not expose embargoed > vulnerabilities to (even temporarily) inactive team members, as a > matter of hygiene. -- Thanks, Nikhil
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
