openstack-poc team mailing list archive

[Thierry Carrez <thierry@xxxxxxxxxxxxx>]

Hey Jarret,

Thanks for fixing the draft. Two minor remarks:

"Security notification email address (security@xxxxxxxxxxxxx)"

Do we really need this, in addition to the "security issue" flag in LP
and the private individual addresses ? I'm not sure either way... On one
hand, one more medium to watch, on the other, security@ is common
practice... Would it just be autoforwarded to private list ?

"vulnerability discussion & classification (MSA/CVE)"

MSA are Mozilla Security Advisories, I doubt we would issue those :)
Maybe "OSA" ?

Cheers,

-- 
Thierry Carrez (ttx)
Release Manager, OpenStack