
openstack-poc team mailing list archive

Re: PPB Tuesday Meeting

 

Jay,

Thanks for the comments. I had changed the text below to be specific about
LaunchPad, but I had missed the part you pointed out. I went ahead and
changed that to:

* Operate a private security mailing list and curate private issues in
LaunchPad for tracking & resolving vulnerabilities.

Hopefully that is a bit more clear.


I changed the text for the initial group membership to limit it to 8. I'm
happy to lower it if that seems too high. The basic goal was to start with
a group of diverse people (commercial & open source, Rackspace and not,
security contractors and not, etc.). If we just want to start out with a
couple of Rackers and one or two interested parties, I'm fine with that. I
just wanted to make sure we have a good set of opinions to get going with
the initial work.


By private resources, I just mean the private mailing list and the private
issues in the LaunchPad tracker. I would imagine the group would strive to
do most things publicly with anything private being as needed (and
hopefully temporary). If the language is confusing, I'm happy to fix it.


Thanks,


Jarret Raim | Application Security, Lead Architect

-------------------------------------------------------------
5000 Walzem Road                            Office: 210.312.3121
San Antonio, TX 78218                   Cellular: 210.437.1217
-------------------------------------------------------------
rackspace hosting   |   experience fanatical support







On 8/16/11 1:49 PM, "Jay Pipes" <jaypipes@xxxxxxxxx> wrote:

>I think this bullet:
>
>* Operate a private security mailing list and issue tracker for
>tracking & resolving vulnerabilities.
>
>Is what Thierry was suggesting should be changed to remove the
>separate issue tracker, since Launchpad already provides
>security/private bug functionality.
>
>Also, this sentence:
>
>As such, I recommend that a core of OpenStack community leaders,
>Rackspace specialists and security experts in the commercial and open
>source world start out as the seed of the OSSG, maintaining access to
>private resources.
>
>I think Thierry (and myself agreeing) were saying that the OSSG should
>not contain a lot of people initially. Also, Jarret, could you explain
>what you mean above by "maintaining access to private resources"?
>
>Thanks!
>
>-jay
>
>On Tue, Aug 16, 2011 at 2:40 PM, Jonathan Bryce <jbryce@xxxxxxxxxx> wrote:
>> Jarret made updates to address most of Thierry's comments. Updated version
>> still available at
>> http://wiki.openstack.org/Governance/Proposed/OpenStack%20Security%20Group
>> Jonathan.
>> On Aug 16, 2011, at 12:01 PM, Jonathan Bryce wrote:
>>
>> Thanks for the feedback. I forwarded it to Jarret and asked him to update
>> the proposal before we vote on it.
>>
>> Jonathan.
>>
>>
>> On Aug 16, 2011, at 11:34 AM, Thierry Carrez wrote:
>>
>> Joshua McKenty wrote:
>>
>> What's the logic to use personal email addresses? I agree with needing GPG
>> keys, but I think there's an obvious role for company-level participation.
>> Or did you just mean "no group addresses", which I definitely agree with.
>>
>> Yes, the idea is "no group address", so that communication can be
>> encrypted. s/personal/individual/
>>
>> --
>>
>> Thierry Carrez (ttx)
>>
>> Release Manager, OpenStack
>>
>> _______________________________________________
>>
>> Mailing list: https://launchpad.net/~openstack-poc
>>
>> Post to     : openstack-poc@xxxxxxxxxxxxxxxxxxx
>>
>> Unsubscribe : https://launchpad.net/~openstack-poc
>>
>> More help   : https://help.launchpad.net/ListHelp
>>
