"Security notification email address (secur...@openstack.org)"

Do we really need this, in addition to the "security issue" flag in LP and the private individual addresses? I'm not sure either way... On one hand, one more medium to watch, on the other, security@ is common practice... Would it just be autoforwarded to private list?

I would probably have it redirect to the private list. The goal is to make it as easy as possible to report possible security issues, breaches, thoughts, questions, whatever. If it was a true issue, I would imagine we would either ask the sender to put in a ticket or one of the members of the Group would put it in themselves. We could certainly do without it, but as you say, the security@ pattern is a common one and would be a good place for people not part of the OpenStack community to communicate issues to the Group easily.

"vulnerability discussion & classification (MSA/CVE)"

MSA are Mozilla Security Advisories, I doubt we would issue those :) Maybe "OSA"?

Ha, good catch. Fixed.

Thanks,
Jarret

_______________________________________________
Mailing list: https://launchpad.net/~openstack-poc
Post to     : openstack-poc@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack-poc
More help   : https://help.launchpad.net/ListHelp