
openstack-poc team mailing list archive

Re: PPB Tuesday Meeting

 

2011/8/16 Jarret Raim <jarret.raim@xxxxxxxxxxxxx>:
> I changed the text for the initial group membership to limit it to 8. I'm
> happy to lower it if that seems too high.

I wonder what your motivations are for such a large group? These are
not people doing security auditing or anything like that. I see this
as a very small group of responsible people with experience in dealing
with security particularly in open source software.

A group focusing on penetration testing and auditing and whatnot would
be *fantastic*, and while there might be overlap between these two
groups, I don't think they should be the same.

> The basic goal was to start with
> a group of diverse people (commercial & open source, Rackspace and not,
> security contractors and not, etc.) If we just want to start out with a
> couple of Rackers and one or two interested parties, I'm fine with that. I
> just wanted to make sure we have a good set of opinions to get going with
> the initial work.

I don't see this as the sort of thing where wide representation is
required (or even desirable). The smaller the group, the better. If
there's an actual vulnerability, you want as few people to know about
it as possible until it's been addressed.

-- 
Soren Hansen        | http://linux2go.dk/
Ubuntu Developer    | http://www.ubuntu.com/
OpenStack Developer | http://www.openstack.org/

