Re: [openstack-dev] [glance][VMT][Security] Glance coresec reorg

2016-10-24 Thread Michael Xin 
+1 for both.

yours,
Michael

On Fri, Oct 21, 2016 at 3:07 AM, Flavio Percoco  wrote:

> On 20/10/16 12:33 -0700, Steve Lewis wrote:
>
>> I'm not voicing as a core here, but in the course of several cycles I have
>> seen Erno and Ian each providing the care and insight needed by this role
>> and trust them to do the job well.
>>
>>
> +1k to the above!
>
> Thank you both for stepping up for this critical task.
> Flavio
>
>
>
>> On Wed, Oct 19, 2016 at 3:50 PM, Jeremy Stanley 
>> wrote:
>>
>> On 2016-10-18 22:22:28 + (+), Brian Rosmaita wrote:
>>> > Thus, the main point of this email is to propose Ian Cordasco and Erno
>>> > Kuvaja as new members of the Glance coresec team.  They've both been
>>> > Glance cores for several cycles, have a broad knowledge of the software
>>> > and team, contribute high-quality reviews, and are conversant with good
>>> > security practices.
>>> [...]
>>>
>>> Sounds good to me. From a VMT perspective, I'm just happy to see
>>> Glance keeping active participants with available bandwidth looking
>>> at prospective vulnerability reports so we can continue to churn
>>> through them faster and make them public sooner. Thanks for keeping
>>> the wheels turning!
>>> --
>>> Jeremy Stanley
>>>
>>> 
>>> __
>>> OpenStack Development Mailing List (not for usage questions)
>>> Unsubscribe: openstack-dev-requ...@lists.op
>>> enstack.org?subject:unsubscribe
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>>
>>>
>>
>> --
>> SteveL
>>
>
> __
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscrib
>> e
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>
>
> --
> @flaper87
> Flavio Percoco
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Openstack-security] [Security]abandoned OSSNs?

2016-04-11 Thread Michael Xin 
Matt:
Thanks for asking this. I forwarded this email to the new email list so that 
folks with better knowledge can answer this.


Thanks and have a great day.

Yours,
Michael


-
Michael Xin | Manager, Security Engineering - US
Product Security  |Rackspace Hosting
Office #: 501-7341   or  210-312-7341
Mobile #: 210-284-8674
5000 Walzem Road, San Antonio, Tx 78218

Experience fanatical support

From: Matt Fischer <m...@mattfischer.com<mailto:m...@mattfischer.com>>
Date: Monday, April 11, 2016 at 9:19 AM
To: 
"openstack-secur...@lists.openstack.org<mailto:openstack-secur...@lists.openstack.org>"
 
<openstack-secur...@lists.openstack.org<mailto:openstack-secur...@lists.openstack.org>>
Subject: [Openstack-security] abandoned OSSNs?

Some folks from our security team here asked me to ensure them that our 
services were patched for all the OSSNs that are listed here: 
https://wiki.openstack.org/wiki/Security_Notes

Most of these are straight-forward, but there are some OSSNs that have been 
allocated an ID but then abandoned. There is no detailed wiki page and my best 
google efforts lead me to a possible IRC mention and maybe an abandoned review. 
The two specifically are OSSN-50/51.

So what am I to do with an "abandoned" OSSN? Has it been decided that there is 
no issue anymore? These are pretty old if I look at the dates framing the other 
OSSNs (49/52), so I assume they aren't urgent. Can we ignore these? They sound 
somewhat scary, for example, "keystonemiddleware can allow access after token 
revocation" but I have no means to say whether it affects us or how we can 
mitigate without more info.

Thoughts?
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] The first version of the Logo for Openstack Security Project

2015-10-22 Thread Michael Xin 
Mike:
Got it. Thanks. We will update it. 


Yours,
Michael 




On 10/22/15, 12:18 PM, "michael mccune" <m...@redhat.com> wrote:

>On 10/21/2015 05:11 PM, Michael Xin wrote:
>> Rob and Michael:
>> Thanks for the update. We will probably not use any Openstack Logo.
>>
>> Here is the first draft of the flyer:
>>
>> http://5a6aa6580e900b8e8020-e5e45c5cb10329ebc9fb69948bb1b1a5.r65.cf1.rackcdn.com/ossp-flag-flyer.pdf
>>
>>
>> Please send us your feedback.
>
>i think my only suggestion on the text would be to slightly alter the 
>second sentence of the "What's the OSSP?" section.
>
>currently it is:
>
>"The Security Project undertakes both technical and governance 
>activities within OpenStack, aiming to provide guidance, information and 
>code that enhances the overall security of the OpenStack ecosystem"
>
>i would change the beginning to:
>
>"The Security Project undertakes both technical and governance 
>activities for the OpenStack community, aiming to provide guidance, 
>information and code that enhances the overall security of the OpenStack 
>ecosystem"
>
>but i think this is a pretty minor nit.
>
>regards,
>mike
>
>__
>OpenStack Development Mailing List (not for usage questions)
>Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [security] The first version of the Logo for Openstack Security Project

2015-10-21 Thread Michael Xin 
Rob and Michael:
Thanks for the update. We will probably not use any Openstack Logo. 

Here is the first draft of the flyer:

http://5a6aa6580e900b8e8020-e5e45c5cb10329ebc9fb69948bb1b1a5.r65.cf1.rackcdn.com/ossp-flag-flyer.pdf


Please send us your feedback. 


Yours,
Michael 





On 10/21/15, 11:32 AM, "Clark, Robert Graham" <robert.cl...@hpe.com> wrote:

>I had looped some people into a previous version of the thread but they've not 
>replied yet.
>
>I think we ran into this problem before and got a firm "maybe, depending on 
>what it is" from the powers-that-be.
>
>Perhaps we should look at a rough-draft alternative logo while we await a 
>verdict?
>
>> -Original Message-
>> From: michael mccune [mailto:m...@redhat.com]
>> Sent: 21 October 2015 17:27
>> To: openstack-dev@lists.openstack.org
>> Subject: Re: [openstack-dev] [security] The first version of the Logo for 
>> Openstack Security Project
>> 
>> On 10/21/2015 03:54 AM, Michael Xin wrote:
>> > Hi, guys:
>> > Thanks for your help. We are designing a logo and a flyer for Openstack
>> > Security Project. Rachel helped us with the task. Attached is her first
>> > version of the logo. Please let us know your feedback.
>> >
>> > http://5d100f09242e1d85fe65-9262bad2bd2ce9d805c21cb30838f376.r18.cf1.rackcdn.com/os-security-project-logo.png
>> > Thanks and have a great day.
>> 
>> hi Michael, thanks to Rachel for putting this together. i like the
>> general concept of the openstack logo as a lock. i think the "lock
>> parts" could have a little more depth on them.
>> 
>> you had asked in irc about usage of the openstack logo, i'm not sure.
>> but this page, https://www.openstack.org/brand/openstack-logo/ , seems
>> to indicate that the usage is pretty limited. in specific, this section
>> "You agree that you will not (i) alter or modify the OpenStack Logo as
>> provided by the OpenStack Foundation; " seems to indicate that we may
>> not be able to use the logo like this. we should probably ask someone
>> from the foundation.
>> 
>> all in all though, a nice effort. many thanks =)
>> 
>> mike
>> 
>> 
>> __
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>__
>OpenStack Development Mailing List (not for usage questions)
>Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev