OpenStack Core Infrastructure

Request: create a new repo for housing OpenStack Security Notes

Bug #1279074 reported by Nathan Kinder on 2014-02-11

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Core Infrastructure	Fix Released	Undecided	James E. Blair

Bug Description

The OSSG team would like to start using git/gerrit for review and source control of OpenStack Security Notes (OSSNs). Ideally, the project would be named something like "openstack/security-notes" or "openstack/ossn" in review.openstack.org.

The initial commit can be empty, as we only have small number of previously published OSSNs that we can push through the review process once a repo is created.

For +2 rights, I believe it would be best to allow Bryan Payne (bdpayne), Robert Clark (robert-clark), and myself for now.

Revision history for this message

Thierry Carrez (ttx) wrote on 2014-02-12:

This needs a parent program if it is to be given a repo in the openstack namespace. Two solutions:

- creating the ossn repository under stackforge until there is a parent program
- get that repo adopted by the release management program (already in charge of the VMT activities), or maybe the Documentation program (ask Anne what she thinks about it)

Personally i feel like the OSSG is still a nascent group (even if a lot of progress was made to structure its outputs during this cycle, thanks to Nathan's efforts) and Release Management is not really a good parent for it (all release management affairs like Stable branch management or VMT are deeply linked to supported branches, while the OSSG cares more about the global state of security in OpenStack). So while we figure it out, I think this should be created under stackforge so that the OSSN process can start using modern tools right now.

Revision history for this message

Nathan Kinder (nkinder) wrote on 2014-02-13:

@ttx
Using Stackforge for now makes sense. I've gone ahead and started the process to create a new Stackforge project for security notes. We can figure out if we want to pursue having this brought beneath a parent program at a later time. Our immediate goal is simply to use git/gerrit for our OSSN workflow, which Stackforge will accomplish.

I'll go ahead and close this bug.

Changed in openstack-ci:
status:	New → Invalid

Revision history for this message

Jeremy Stanley (fungi) wrote on 2014-03-18:

Switched to openstack per http://lists.openstack.org/pipermail/openstack-docs/2014-February/003833.html and the https://review.openstack.org/73157 change.

Revision history for this message

Nathan Kinder (nkinder) wrote on 2014-03-18:

Reopening now that we are proposing to add the OSSN repo under the Documentation program (as mentioned in comment#3).

Changed in openstack-ci:
status:	Invalid → New

OpenStack Infra (hudson-openstack) on 2014-03-26

Changed in openstack-ci:
assignee:	nobody → Nathan Kinder (nkinder)
status:	New → In Progress

OpenStack Infra (hudson-openstack) on 2014-03-28

Changed in openstack-ci:
assignee:	Nathan Kinder (nkinder) → James E. Blair (corvus)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-03-28: Fix merged to config (master)

Reviewed: https://review.openstack.org/73157
Committed: https://git.openstack.org/cgit/openstack-infra/config/commit/?id=c3c1ee09a682d7301a66fd957c815884344b1850
Submitter: Jenkins
Branch: master

commit c3c1ee09a682d7301a66fd957c815884344b1850
Author: Nathan Kinder <email address hidden>
Date: Wed Feb 12 21:54:38 2014 -0800

Add the openstack-security-notes project

    This adds a new project that will be used by the OpenStack Security
    Group (OSSG) for review and source control of OpenStack Security Notes
    (OSSNs).

    This new project will live under the Documentation program, which has
    been agreed upon by the Documentation and OSSG groups. The discussion
    about this decision is in the referenced launchpad bug.

Closes-bug: 1279074
Change-Id: I3d4e0b2c9ab9df9f5f044ddf46c4aff2a01a967a

Changed in openstack-ci:
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.