On Fri, Jun 21, 2013 at 12:08:43PM -0400, Yun Mao wrote:
> Interesting. Does it automatically make the commit in stealth mode so
> that it's not seen in public? Thanks,

This tag is about asking for design input / code review from people with
security expertise for new work. As such the code is all public.

Fixes for security flaws in existing code which need to be kept private
should not be sent via Gerrit. They should be reported privately as per
the guidelines here:

http://www.openstack.org/projects/openstack-security/

> On Fri, Jun 21, 2013 at 11:26 AM, Bryan D. Payne bdpa...@acm.org wrote:
> > This is a quick note to announce that the OpenStack gerrit system supports
> > a SecurityImpact tag. If you are familiar with the DocImpact tag, this
> > works in a similar fashion.
> >
> > Please use this in the commit message for any commits that you feel would
> > benefit from a security review. Commits with this tag in the commit
> > message will automatically trigger an email message to the OpenStack
> > Security Group, allowing you to quickly tap into some of the security
> > expertise in our community.
> >
> > PTLs -- Please help spread the word and encourage use of this within your
> > projects.
> >
> > Cheers,
> > -bryan

Regards,
Daniel
--
|: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|