On 5/12/16 6:19 PM, Nikhil Komawar wrote: > > > On 5/12/16 6:04 PM, Flavio Percoco wrote: >> On 12/05/16 17:38 -0400, Nikhil Komawar wrote: >>> Comments, alternate proposal inline. >>> >>> >>> >>> On 5/12/16 8:35 AM, Jeremy Stanley wrote: >>>> On 2016-05-11 23:39:58 -0400 (-0400), Nikhil Komawar wrote: >>>>> I would like to propose adding add Brian to the team. >>>> [...] >>>> >>>> I'm thrilled to see Glance adding more security-minded reviewers for >>>> embargoed vulnerability reports! One thing to keep in mind though is >>>> that you need to keep the list of people with access to these >>>> relatively small; I see >>>> https://launchpad.net/~glance-coresec/+members has five members now. >>> >>> Thanks for raising this. Yes, we are worried about it too. But as you >>> bring it up, it becomes even more important. A lot of Glancers time >>> share with other projects and lack bandwidth to contribute fully to >>> this >>> responsibility. Currently, I do not know if anyone can be rotated >>> out as >>> we have had pretty good input from all the folks there. >>> >>>> While the size I picked in item #2 at >>>> <URL: >>>> https://governance.openstack.org/reference/tags/vulnerability_managed.html#requirements >>>> > >>>> is not meant to be a strict limit, you may still want to take this >>>> as an opportunity to rotate out some of your less-active reviewers >>>> (if there are any). >>>> >>>> >>> >>> Thanks for not being strict on it. >>> >>> I do however, want to make another proposal: >>> >>> >>> Since Stuart is our VMT liaison and he's on hiatus, can we add Brian as >>> his substitute. As soon as Stuart is back and is ready to shoulder this >>> responsibility we should do the rotation. >>> >>> Please vote +1, 0, -1. >>> >>> I will consider final votes by Thur May 19 2100 UTC. >> >> >> Can we ask Stuart if he's ok with us removing him from the coresec >> team? I think >> he won't have time for it and it'd be irresponsible from us to send >> VMT bugs to >> him at this point. >>
I just realized we both meant the same thing, my description wasn't too clear though on what I meant as rotation. > > Confirmation enqueue. > >> Cheers, >> Flavio >> >> >> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: [email protected]?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- > > Thanks, > Nikhil -- Thanks, Nikhil
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
