On 2016-09-21 10:18:58 -0700 (-0700), Morgan Fainberg wrote: [...] > For what it is worth the VMT had some discussion about this and in the case > the security team was/is dissolved/moved to a WG we will take some action > and make some proposals to handle the situation so we have a nice place to > continue within the community. One idea that was floated would be to become > our own small (release team sized) team.
Well, just to be clear, if the current team providing a home to the VMT became unofficial, I doubt the VMT itself would operate any differently than today. It's a (necessarily) small group of people with existing cross-project ties to other official teams in OpenStack. The authority it has comes from involvement of its members throughout the community the function they perform, not from any sort of official mandate. That said, I appreciate and applaud the efforts of the Security Team and believe that the VMT's choice to align itself with them has provided a beneficial relationship. The Security Team provides valuable operations/deployment-specific insight into embargoed issues where the VMT often struggles to appropriately gauge impact severity and scope, they have been very helpfully documenting reported shortcomings in OpenStack which require special care and attention from downstream consumers, and they're working on ways to evaluate OpenStack software to make it easier for the VMT to support through both automated exploration and more conceptual risk documentation. > However, if security is continuing to exist, I am content to stay where we > are (I cannot speak to the views of Fungi, Tristan, and Grant though). Yes, I concur. When I saw that the Security Team lacked a PTL nominee, I did not nominate myself primarily because I don't regularly attend its weekly meetings nor participate in development of any of its outputs beyond what intersects with VMT needs (though also I'm not confident I could wear two PTL hats effectively, unlike some superhumans in our community). -- Jeremy Stanley
Description: Digital signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev