openstack-poc team mailing list archive

Thread
Date

Re: PPB Tuesday Meeting

To: Thierry Carrez <thierry@xxxxxxxxxxxxx>
From: Jarret Raim <jarret.raim@xxxxxxxxxxxxx>
Date: Tue, 16 Aug 2011 20:05:34 +0000
Accept-language: en-US
Cc: "openstack-poc@xxxxxxxxxxxxxxxxxxx" <openstack-poc@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <4E4AC68F.80706@openstack.org>
Thread-index: AQHMW8pyflpmLWWNUECjSBMNo8f6DZUf0GxbgABWLYD//7CBgIAAXIKA//+y88M=
Thread-topic: [Openstack-poc] PPB Tuesday Meeting

"Security notification email address (security@xxxxxxxxxxxxx)"

Do we really need this, in addition to the "security issue" flag in LP
and the private individual addresses ? I'm not sure either way... On one
hand, one more medium to watch, on the other, security@ is common
practice... Would it just be autoforwarded to private list ?


I would probably have it redirect to the private list. The goal is to make it as easy as possible to report possible security issues, breaches, thoughts, questions, whatever. If it was a true issue, I would imagine we would either ask the sender to put in a ticket or one of the members of the Group would put it in themselves. We could certainly do without it, but as you say, the security@ pattern is a common one and would be a good place for people not part of the OpenStack community to communicate issues to the Group easily.


"vulnerability discussion & classification (MSA/CVE)"

MSA are Mozilla Security Advisories, I doubt we would issue those :)
Maybe "OSA" ?

Ha, good catch. Fixed.


Thanks,
Jarret
This email may include confidential information. If you received it in error, please delete it.

References

Re: PPB Tuesday Meeting
From: Jarret Raim, 2011-08-16
Re: PPB Tuesday Meeting
From: Thierry Carrez, 2011-08-16