On Tue, Jan 17 2017, Jeremy Stanley wrote:
> Others have already answered most of your questions in this thread,
> but since nobody from the VMT has chimed in yet I'll just state on
> our behalf that we're generally happy to consult privately or
> publicly on any suspected vulnerability report wit
On 2017-01-17 13:26:02 +0100 (+0100), Julien Danjou wrote:
> I've asked on #openstack-security without success, so let me try here
> insteead:
>
> We, Telemetry, have a security bug and we're not managed by VMT, any
> hint as how to handle our bug? Or how to get covered by VMT? 😊
Others have alre
On Tue, Jan 17 2017, Ian Cordasco wrote:
> Or, perhaps the last time people complained that the process
> documentation was too detailed and the telemetry project decided it
> didn't want to have to follow it? If that's the case, following the
> embargoed procedures might not be what you want as a
On Tue, Jan 17, 2017 at 8:02 AM, Julien Danjou wrote:
> On Tue, Jan 17 2017, Adam Heczko wrote:
>
>> Hi Julien, I think that you should follow this [1] workflow.
>>
>> TL;DR: Pls make sure that if the bug is serious make it private on LP so
>> that only core team members can access it and propose
On Tue, Jan 17 2017, Rob C wrote:
> Ian has provided advice on how you might become security managed, which
> is a good aspiration for any team to have.
>
> However, if you have a serious security issue that you need help mitigating
> the security project can help. We can work with you on the solu
On Tue, Jan 17 2017, Adam Heczko wrote:
> Hi Julien, I think that you should follow this [1] workflow.
>
> TL;DR: Pls make sure that if the bug is serious make it private on LP so
> that only core team members can access it and propose patches. Please do
> not send patches to Gerrit review queue b
You've done the right thing by posting here with the [Security] tag.
Ian has provided advice on how you might become security managed, which
is a good aspiration for any team to have.
However, if you have a serious security issue that you need help mitigating
the security project can help. We can
Hi Julien, I think that you should follow this [1] workflow.
TL;DR: Pls make sure that if the bug is serious make it private on LP so
that only core team members can access it and propose patches. Please do
not send patches to Gerrit review queue but rather attach it to LP bug
ticket and discuss t
On Tue, Jan 17, 2017 at 6:26 AM, Julien Danjou wrote:
> Hi,
>
> I've asked on #openstack-security without success, so let me try here
> insteead:
>
> We, Telemetry, have a security bug and we're not managed by VMT, any
> hint as how to handle our bug? Or how to get covered by VMT? 😊
So, in terms
Hi,
I've asked on #openstack-security without success, so let me try here
insteead:
We, Telemetry, have a security bug and we're not managed by VMT, any
hint as how to handle our bug? Or how to get covered by VMT? 😊
Cheers,
--
Julien Danjou
/* Free Software hacker
https://julien.danjou.info
10 matches
Mail list logo