| zigo | fungi: How come I didn't recieve a pre-ossa ? | 08:04 |
|---|---|---|
| zigo | Oh, no fix yet ... | 08:05 |
| zigo | I get it. That would need a malicious service ... | 08:07 |
| fungi | zigo: yes, that's just a longstanding known issue, that a number of services have never really finished up the rootwrap to privsep migration | 11:23 |
| fungi | but since it was reported in private we had to evaluate it again to make sure it didn't include any new insights before switching it to public | 11:25 |
| fungi | dmendiza[m]: d34dh0r53: i just saw a debian advisory for story 2010258, which reminded me, if barbican folks want to publish ossa for those sorts of vulnerabilities and send advance copies of patches to the downstream stakeholders embargo notice list for advance notification list, vmt oversight isn't needed for that. vmt members are generally happy to moderate the ml posts and | 20:03 |
| fungi | review/approve ossa repo changes for them as long as someone does the writing | 20:03 |
| fungi | (same goes for any other openstack project which isn't officially overseen by the vmt) | 20:04 |
| fungi | making that possible is a big part of why our vulnerability management process is designed the way it is | 20:06 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!