openstack team mailing list archive

[Soren Hansen <soren@xxxxxxxxxxx>]

2011/11/24 Thierry Carrez <thierry@xxxxxxxxxxxxx>:
> This is actually linked to the next section. If you limit the numbers of
> members in a vulnerability handling team, you create resentment with
> those members or companies that are not part of it. The phrasing is
> there to reassure non-members that there is no advantage for being "in".

Exactly. We're bootstrapping the team and the process. We (as a project)
don't necessarily know the people stepping forward to take on a
membership of this team, so it's important that the responsibilities (of
which there are many) and privileges (of which there are really none)
are clear. I see no reason not to be clear about the ground rules up
front, and make it explicit that it's not an "early warning list".  It's
a response team.

-- 
Soren Hansen        | http://linux2go.dk/
Ubuntu Developer    | http://www.ubuntu.com/
OpenStack Developer | http://www.openstack.org/