Hi,

I would like the feedback from the community about applying (or not) to the vulnerability:managed tag [1]. Being part of OpenStack ecosystem and the big tent, Puppet OpenStack project might want to follow some other projects in order to be consistent in Security management procedures.

I believe we should apply for the tag and start to learn about their process. I think it would be a great opportunity for us to be more involved in OpenStack best-practices, and maybe enhance the process by giving feedback to the security team. Also, it would make our security bugs managed and tracked in a more serious way than we used to do before.

The main impact for our group would be to acknowledge what is documented here: https://security.openstack.org/#how-to-report-security-issues-to-openstack and taking care of the new procedure.

I think we should start the discussion from here and maybe define a plan for the following months, if some audits need to be done before.

Any feedback is welcome,

[1] http://governance.openstack.org/reference/tags/vulnerability_managed.html

--
Emilien Macchi
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev