Jay,

Thanks for the comments. I had changed the text below to be specific about LaunchPad, but I had missed the part you pointed out. I went ahead and changed that to:

* Operate a private security mailing list and curate private issues in LaunchPad for tracking & resolving vulnerabilities.

Hopefully that is a bit more clear.

I changed the text for the initial group membership to limit it to 8. I'm happy to lower it if that seems too high. The basic goal was to start with a group of diverse people (commercial & open source, Rackspace and not, security contractors and not, etc.). If we just want to start out with a couple of Rackers and one or two interested parties, I'm fine with that. I just wanted to make sure we have a good set of opinions to get going with the initial work.

By private resources, I just mean the private mailing list and the private issues in the LaunchPad tracker. I would imagine the group would strive to do most things publicly with anything private being as needed (and hopefully temporary). If the language is confusing, I'm happy to fix it.

Thanks,

Jarret Raim | Application Security, Lead Architect
-------------------------------------------------------------
5000 Walzem Road        Office: 210.312.3121
San Antonio, TX 78218   Cellular: 210.437.1217
-------------------------------------------------------------
rackspace hosting | experience fanatical support

On 8/16/11 1:49 PM, "Jay Pipes" <[email protected]> wrote:

>I think this bullet:
>
>* Operate a private security mailing list and issue tracker for
>tracking & resolving vulnerabilities.
>
>Is what Thierry was suggesting should be changed to remove the
>separate issue tracker, since Launchpad already provides
>security/private bug functionality.
>
>Also, this sentence:
>
>As such, I recommend that a core of OpenStack community leaders,
>Rackspace specialists and security experts in the commercial and open
>source world start out as the seed of the OSSG, maintaining access to
>private resources.
>
>I think Thierry (and myself agreeing) were saying that the OSSG should
>not contain a lot of people initially. Also, Jarret, could you explain
>what you mean above by "maintaining access to private resources"?
>
>Thanks!
>
>-jay
>
>On Tue, Aug 16, 2011 at 2:40 PM, Jonathan Bryce <[email protected]> wrote:
>> Jarret made updates to address most of Thierry's comments. Updated
>> version still available at
>> http://wiki.openstack.org/Governance/Proposed/OpenStack%20Security%20Group
>> Jonathan.
>> On Aug 16, 2011, at 12:01 PM, Jonathan Bryce wrote:
>>
>> Thanks for the feedback. I forwarded it to Jarret and asked him to
>> update the proposal before we vote on it.
>>
>> Jonathan.
>>
>>
>> On Aug 16, 2011, at 11:34 AM, Thierry Carrez wrote:
>>
>> Joshua McKenty wrote:
>>
>> What's the logic to use personal email addresses? I agree with needing
>> GPG keys, but I think there's an obvious role for company-level
>> participation. Or did you just mean "no group addresses", which I
>> definitely agree with.
>>
>> Yes, the idea is "no group address", so that communication can be
>> encrypted. s/personal/individual/
>>
>> --
>> Thierry Carrez (ttx)
>> Release Manager, OpenStack
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack-poc
>> Post to : [email protected]
>> Unsubscribe : https://launchpad.net/~openstack-poc
>> More help : https://help.launchpad.net/ListHelp
>>
>> This email may include confidential information. If you received it in error, please delete it.

