Hi, So I am recent elected core to the security group, so while obviously pro OSSG-Sec, I also have a fairly fresh perspective of the group.
I would first off all not agree on disengagement with the community. Well at least not from my perspective. Since I joined I have found the group welcoming to new members, with well run with meetings never starting late or failing to achieve actions from before. While I may be a new core, I am not new to open source, so there is no way I would have joined if I felt the group was waning in enthusiasm, disconnected or not moving forward. The team are actively working on several projects which have found vulnerabilities in openstack, namely Bandit and syntribos, threat analysis and I was inspired to start on my own new proposal project from seeing the enthusiasm in the group. There is also lots of engagement between other cores and the security group in OSSN's (security notes). I recently took over covering these, and have enjoyed working immensely with cores in keystone, trove, nova, neutron, and horizon etc. I did not see any disconnect there myself. On the matter of elections, I understand people are upset that the PTL nomination period was missed, but I understand there was a genuine reason for this which I will leave for the PTL to cover. For me Robert did a really great job of welcoming and mentoring me into the security group, so I personally have nothing but respect there. So if the decision is made to demote(?) the group, I guess so be it, but it will be a big downer and disappointment for me as someone that is proud and enthusiastic to be a new OSSG-core sec member. Regards, Luke ------------------------------------------------------------ From: Thierry Carrez <thie...@openstack.org> Date: Wed, Sep 21, 2016 at 12:23 PM Subject: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent To: OpenStack Development Mailing List <openstack-dev@lists.openstack.org> Hi everyone, As announced previously[1][2], there were no PTL candidates within the election deadline for a number of official OpenStack project teams: Astara, UX, OpenStackSalt and Security. In the Astara case, the current team working on it would like to abandon the project (and let it be available for any new team who wishes to take it away). A change should be proposed really soon now to go in that direction. In the UX case, the current PTL (Piet Kruithof) very quickly reacted, explained his error and asked to be considered for the position for Ocata. The TC will officialize his nomination at the next meeting, together with the newly elected PTLs. That leaves us with OpenStackSalt and Security, where nobody reacted to the announcement that we are missing PTL candidates. That points to a real disconnect between those teams and the rest of the community. Even if you didn't have the election schedule in mind, it was pretty hard to miss all the PTL nominations in the email last week. The majority of TC members present at the meeting yesterday suggested that those project teams should be removed from the Big Tent, with their design summit space allocation slightly reduced to match that (and make room for other not-yet-official teams). In the case of OpenStackSalt, it's a relatively new addition, and if they get their act together they could probably be re-proposed in the future. In the case of Security, it points to a more significant disconnect (since it's not the first time the PTL misses the nomination call). We definitely still need to care about Security (and we also need a home for the Vulnerability Management team), but I think the "Security team" acts more like a workgroup than as an official project team, as evidenced by the fact that nobody in that team reacted to the lack of PTL nomination, or the announcement that the team missed the bus. The suggested way forward there would be to remove the "Security project team", have the Vulnerability Management Team file to be its own official project team (in the same vein as the stable maintenance team), and have Security be just a workgroup rather than a project team. Thoughts, comments ? [1] http://lists.openstack.org/pipermail/openstack-dev/2016-September/103904.html [2] http://lists.openstack.org/pipermail/openstack-dev/2016-September/103939.html -- Thierry Carrez (ttx) __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Luke Hinds | NFV Partner Engineering | Office of Technology | Red Hat e: lhi...@redhat.com | irc: lhinds @freenode | m: +44 77 45 63 98 84 | t: +44 12 52 36 2483 __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
