Hi All,

Wasn't sure which list to address this to (possibly documentation?), please feel free to redirect me!

In my (day) job (not Limilo!) we're currently evaluating an IBM product which is underpinned by OpenStack. During review our InfoSec people claimed many (22) open CVE vulnerabilities for the underlying version of OpenStack used (Folsom). I don't believe this to be the case, as Launchpad lists only 3 CVE bugs. However it's not clear at a glance if these 3 have been back ported, which versions are affected etc. While I know my way around enough to find out, new people investigating OpenStack might not, so I was looking for a summary page of open vulnerabilities broken down per release.

Now I know the community does a great job regarding security related bugs, both finding and fixing, and Thierry in particular is working wonders regarding CVE notification. A quick google for OpenStack CVE though brings up https://wiki.openstack.org/wiki/SecurityAdvisories in the first few results which looks as though it may have been the intended place for this kind of summary info, but it looks a bit neglected. Given that this may be the first query someone tries when evaluating OpenStack I think it might need a bit of an update.

Is there somewhere else that contains this kind of info in an easily summarised up to date format? Or should the wiki page mentioned be the one to be updated? I'm happy to do this by the way.

I'm even happier that OpenStack has progressed to the point where (usually quite conservative) companies such as my employer are considering it against the alternatives.

Regards

Jolyon Brown
jol...@limilo.com
www.limilo.com
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp