You've done the right thing by posting here with the [Security] tag. Ian has provided advice on how you might become security managed, which is a good aspiration for any team to have.
However, if you have a serious security issue that you need help mitigating the security project can help. We can work with you on the solution and also issue an OpenStack Security Note to notify users of the update/patch that they might need to apply. Please go ahead and add me to the security bug, if required I'll add other core-sec people as required. Cheers -Rob On Tue, Jan 17, 2017 at 1:14 PM, Adam Heczko <ahec...@mirantis.com> wrote: > Hi Julien, I think that you should follow this [1] workflow. > > TL;DR: Pls make sure that if the bug is serious make it private on LP so > that only core team members can access it and propose patches. Please do > not send patches to Gerrit review queue but rather attach it to LP bug > ticket and discuss there. Contact VMT members to get more details on how to > get Telemetry project covered by VMT. > > [1] https://security.openstack.org/vmt-process.html > > On Tue, Jan 17, 2017 at 1:26 PM, Julien Danjou <jul...@danjou.info> wrote: > >> Hi, >> >> I've asked on #openstack-security without success, so let me try here >> insteead: >> >> We, Telemetry, have a security bug and we're not managed by VMT, any >> hint as how to handle our bug? Or how to get covered by VMT? 😊 >> >> Cheers, >> -- >> Julien Danjou >> /* Free Software hacker >> https://julien.danjou.info */ >> >> ____________________________________________________________ >> ______________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscrib >> e >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > > -- > Adam Heczko > Security Engineer @ Mirantis Inc. > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
