| tkajinam | is there any public document which describes the projects observed by security sig now ? | 12:50 |
|---|---|---|
| tkajinam | (though the "sig" might be mostly equivalent to fungi | 12:50 |
| tkajinam | I often forget the terminology around security problem management in OpenStack but I hope what I mean is clear | 12:51 |
| rosmaita | tkajinam: maybe this answers your question: https://governance.openstack.org/tc/resolutions/20250317-extend-scope-VMT-cover-all-projects.html | 12:54 |
| tkajinam | rosmaita, ah yes ! thank you ! | 13:00 |
| fungi | tkajinam: the security sig doesn't necessarily observe specific projects, we're a sig for all of openstack. the vmt oversees reports of suspected vulnerabilities for basically all projects so long as they meet the requirements listed at https://security.openstack.org/repos-overseen.html | 13:29 |
| fungi | the security sig has a page here though the description is likely outdated: | 13:33 |
| fungi | https://wiki.openstack.org/wiki/Security-SIG | 13:33 |
| tkajinam | fungi, ok | 13:57 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!