Re: [openstack-dev] [glance][VMT][Security] Glance coresec reorg
+1 for both. yours, Michael On Fri, Oct 21, 2016 at 3:07 AM, Flavio Percocowrote: > On 20/10/16 12:33 -0700, Steve Lewis wrote: > >> I'm not voicing as a core here, but in the course of several cycles I have >> seen Erno and Ian each providing the care and insight needed by this role >> and trust them to do the job well. >> >> > +1k to the above! > > Thank you both for stepping up for this critical task. > Flavio > > > >> On Wed, Oct 19, 2016 at 3:50 PM, Jeremy Stanley >> wrote: >> >> On 2016-10-18 22:22:28 + (+), Brian Rosmaita wrote: >>> > Thus, the main point of this email is to propose Ian Cordasco and Erno >>> > Kuvaja as new members of the Glance coresec team. They've both been >>> > Glance cores for several cycles, have a broad knowledge of the software >>> > and team, contribute high-quality reviews, and are conversant with good >>> > security practices. >>> [...] >>> >>> Sounds good to me. From a VMT perspective, I'm just happy to see >>> Glance keeping active participants with available bandwidth looking >>> at prospective vulnerability reports so we can continue to churn >>> through them faster and make them public sooner. Thanks for keeping >>> the wheels turning! >>> -- >>> Jeremy Stanley >>> >>> >>> __ >>> OpenStack Development Mailing List (not for usage questions) >>> Unsubscribe: openstack-dev-requ...@lists.op >>> enstack.org?subject:unsubscribe >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >>> >>> >> >> -- >> SteveL >> > > __ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscrib >> e >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > > > -- > @flaper87 > Flavio Percoco > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Openstack-security] [Security]abandoned OSSNs?
Matt: Thanks for asking this. I forwarded this email to the new email list so that folks with better knowledge can answer this. Thanks and have a great day. Yours, Michael - Michael Xin | Manager, Security Engineering - US Product Security |Rackspace Hosting Office #: 501-7341 or 210-312-7341 Mobile #: 210-284-8674 5000 Walzem Road, San Antonio, Tx 78218 Experience fanatical support From: Matt Fischer <m...@mattfischer.com<mailto:m...@mattfischer.com>> Date: Monday, April 11, 2016 at 9:19 AM To: "openstack-secur...@lists.openstack.org<mailto:openstack-secur...@lists.openstack.org>" <openstack-secur...@lists.openstack.org<mailto:openstack-secur...@lists.openstack.org>> Subject: [Openstack-security] abandoned OSSNs? Some folks from our security team here asked me to ensure them that our services were patched for all the OSSNs that are listed here: https://wiki.openstack.org/wiki/Security_Notes Most of these are straight-forward, but there are some OSSNs that have been allocated an ID but then abandoned. There is no detailed wiki page and my best google efforts lead me to a possible IRC mention and maybe an abandoned review. The two specifically are OSSN-50/51. So what am I to do with an "abandoned" OSSN? Has it been decided that there is no issue anymore? These are pretty old if I look at the dates framing the other OSSNs (49/52), so I assume they aren't urgent. Can we ignore these? They sound somewhat scary, for example, "keystonemiddleware can allow access after token revocation" but I have no means to say whether it affects us or how we can mitigate without more info. Thoughts? __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [security] The first version of the Logo for Openstack Security Project
Mike: Got it. Thanks. We will update it. Yours, Michael On 10/22/15, 12:18 PM, "michael mccune" <m...@redhat.com> wrote: >On 10/21/2015 05:11 PM, Michael Xin wrote: >> Rob and Michael: >> Thanks for the update. We will probably not use any Openstack Logo. >> >> Here is the first draft of the flyer: >> >> http://5a6aa6580e900b8e8020-e5e45c5cb10329ebc9fb69948bb1b1a5.r65.cf1.rackcdn.com/ossp-flag-flyer.pdf >> >> >> Please send us your feedback. > >i think my only suggestion on the text would be to slightly alter the >second sentence of the "What's the OSSP?" section. > >currently it is: > >"The Security Project undertakes both technical and governance >activities within OpenStack, aiming to provide guidance, information and >code that enhances the overall security of the OpenStack ecosystem" > >i would change the beginning to: > >"The Security Project undertakes both technical and governance >activities for the OpenStack community, aiming to provide guidance, >information and code that enhances the overall security of the OpenStack >ecosystem" > >but i think this is a pretty minor nit. > >regards, >mike > >__ >OpenStack Development Mailing List (not for usage questions) >Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [security] The first version of the Logo for Openstack Security Project
Rob and Michael: Thanks for the update. We will probably not use any Openstack Logo. Here is the first draft of the flyer: http://5a6aa6580e900b8e8020-e5e45c5cb10329ebc9fb69948bb1b1a5.r65.cf1.rackcdn.com/ossp-flag-flyer.pdf Please send us your feedback. Yours, Michael On 10/21/15, 11:32 AM, "Clark, Robert Graham" <robert.cl...@hpe.com> wrote: >I had looped some people into a previous version of the thread but they've not >replied yet. > >I think we ran into this problem before and got a firm "maybe, depending on >what it is" from the powers-that-be. > >Perhaps we should look at a rough-draft alternative logo while we await a >verdict? > >> -Original Message- >> From: michael mccune [mailto:m...@redhat.com] >> Sent: 21 October 2015 17:27 >> To: openstack-dev@lists.openstack.org >> Subject: Re: [openstack-dev] [security] The first version of the Logo for >> Openstack Security Project >> >> On 10/21/2015 03:54 AM, Michael Xin wrote: >> > Hi, guys: >> > Thanks for your help. We are designing a logo and a flyer for Openstack >> > Security Project. Rachel helped us with the task. Attached is her first >> > version of the logo. Please let us know your feedback. >> > >> > http://5d100f09242e1d85fe65-9262bad2bd2ce9d805c21cb30838f376.r18.cf1.rackcdn.com/os-security-project-logo.png >> > Thanks and have a great day. >> >> hi Michael, thanks to Rachel for putting this together. i like the >> general concept of the openstack logo as a lock. i think the "lock >> parts" could have a little more depth on them. >> >> you had asked in irc about usage of the openstack logo, i'm not sure. >> but this page, https://www.openstack.org/brand/openstack-logo/ , seems >> to indicate that the usage is pretty limited. in specific, this section >> "You agree that you will not (i) alter or modify the OpenStack Logo as >> provided by the OpenStack Foundation; " seems to indicate that we may >> not be able to use the logo like this. we should probably ask someone >> from the foundation. >> >> all in all though, a nice effort. many thanks =) >> >> mike >> >> >> __ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >__ >OpenStack Development Mailing List (not for usage questions) >Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev