On 12/10/2013 05:57 PM, Paul McMillan wrote: > +1 on Tatiana Mazur, she's been doing a bunch of good work lately. > > I'm fine with me being removed from core provided you have someone else > qualified to address security issues as they come up. My contributions have > lately been reviewing and responding to security issues, vetting fixes for > those, and making sure they happen in a timely fashion. Fortunately, we > haven't had too many of those lately. Other than that, I've been lurking and > reviewing to make sure nothing egregious gets committed. > > If you don't have anyone else who is a web security specialist on the core > team, I'd like to stay. Since I'm also a member of the Django security team, > I offer a significant chunk of knowledge about how the underlying security > protections are intended work.
Security reviews aren't done on gerrit, though. They are handled in launchpad bugs. It seems you could still contribute in this way without being on the horizon-core team responsible for reviewing normal changes in gerrit. The bigger point is that you don't have to be on whatever-core to contribute productively to reviews. I think every project has people that make important review contributions, but aren't necessarily reviewing regularly enough to be whatever-core. -- Russell Bryant _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
