Hi everyone,

TL;DR: Update https://wiki.openstack.org/wiki/CrossProjectLiaisons#Vulnerability_management

Longer version:

In the same spirit as the Oslo Liaisons, we are introducing in the Kilo cycle liaisons for the Vulnerability Management Team.

Historically we've been trying to rely on a group of people with ACL access to the private security bugs for the project (the $PROJECT-coresec group in Launchpad), but in some cases it resulted in an "everyone in charge, nobody in charge" side effect. We think we could benefit from stronger ties and involvement by designating specific liaisons.

VMT liaisons will help assess the impact of reported issues, coordinate the development of patches, review proposed patches and propose backports. The liaison should be familiar with the Vulnerability Management process (https://wiki.openstack.org/wiki/Vulnerability_Management) and embargo rules, and have a good grasp of security issues in software design. The liaison may of course further delegate work to other subject matter experts.

The liaison should be a core reviewer for the project, but does not need to be the PTL. By default, if nobody else is mentioned, the liaison will be the PTL.

If you're up for it, talk to your PTL and add your name to:
https://wiki.openstack.org/wiki/CrossProjectLiaisons#Vulnerability_management

Thanks for your help in keeping OpenStack secure!

--
Thierry Carrez (ttx)