Adam, Thank you for your offer, but I believe the VMT kolla-coresec team must be formed from core reviewers or I'd ask Dave Mccowan to consider an invitation.
The text that I think this comes from is: Deliverables with more than five core reviewers should (so as to limit the unnecessary exposure of private reports) settle on a subset of these to act as security core reviewers whose responsibility it is to be able to confirm whether a bug report is accurate/applicable or at least know other subject matter experts they can in turn subscribe to perform those activities in a timely manner It is pretty easy to become a core reviewer in Kolla over time but it requires doing consistently proven good reviewing of the code going into the repository, consistent irc participation, as well as implementation work. If your interested, please join us on IRC and begin the process :) Regards -steve From: Adam Heczko <ahec...@mirantis.com<mailto:ahec...@mirantis.com>> Reply-To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org>> Date: Tuesday, March 1, 2016 at 1:57 PM To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org>> Subject: Re: [openstack-dev] [kolla][security] Obtaining the vulnerability:managed tag Hi Steven, I'd like to help you with vulnerability management process of Kolla and become a member of Kolla VMT team. I have experience and expertise in IT security and related to it processes. Best regards, Adam On Tue, Mar 1, 2016 at 5:55 PM, Steven Dake (stdake) <std...@cisco.com<mailto:std...@cisco.com>> wrote: Core reviewers, Please review this document: https://github.com/openstack/governance/blob/master/reference/tags/vulnerability_managed.rst It describes how vulnerability management is handled at a high level for Kolla. When we are ready, I want the kolla delivery repos vulnerabilities to be managed by the VMT team. By doing this, we standardize with other OpenStack processes for handling security vulnerabilities. The first step is to form a kolla-coresec team, and create a separate kolla-coresec tracker. I have already created the tracker for kolla-coresec and the kolla-coresec team in launchpad: https://launchpad.net/~kolla-coresec https://launchpad.net/kolla-coresec I have a history of security expertise, and the PTL needs to be on the team as an escalation point as described in the VMT tagging document above. I also need 2-3 more volunteers to join the team. You can read the requirements of the job duties in the vulnerability:managed tag. If your interested in joining the VMT team, please respond on this thread. If there are more then 4 individuals interested in joining this team, I will form the team from the most active members based upon liberty + mitaka commits, reviews, and PDE spent. Regards -steve __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe<http://openstack-dev-requ...@lists.openstack.org?subject:unsubscribe> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Adam Heczko Security Engineer @ Mirantis Inc.
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev