Hi Julien, I think that you should follow this [1] workflow. TL;DR: Pls make sure that if the bug is serious make it private on LP so that only core team members can access it and propose patches. Please do not send patches to Gerrit review queue but rather attach it to LP bug ticket and discuss there. Contact VMT members to get more details on how to get Telemetry project covered by VMT.
[1] https://security.openstack.org/vmt-process.html On Tue, Jan 17, 2017 at 1:26 PM, Julien Danjou <jul...@danjou.info> wrote: > Hi, > > I've asked on #openstack-security without success, so let me try here > insteead: > > We, Telemetry, have a security bug and we're not managed by VMT, any > hint as how to handle our bug? Or how to get covered by VMT? 😊 > > Cheers, > -- > Julien Danjou > /* Free Software hacker > https://julien.danjou.info */ > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Adam Heczko Security Engineer @ Mirantis Inc.
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
