Jump to: navigation, search

Security/Security Note Process

< Security
Revision as of 22:37, 12 January 2014 by Nkinder (talk | contribs) (Created page with "This page describes the process that should be followed for writing and publishing an OpenStack Security Note (OSSN). This page is intended to be used by members of the OpenS...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

This page describes the process that should be followed for writing and publishing an OpenStack Security Note (OSSN). This page is intended to be used by members of the OpenStack Security Group.

Writing

Template

Reviewing

A Security Note should be reviewed by at least one other member of the OpenStack Security Group as well as the PTL from any projects related to the Security Note. When a Security Note is ready for review, the draft should be entered as a comment in the OSSN bug in Launchpad. The reviewers should give their approval or feedback on required changes in the Launchpad bug.

Publishing

Once a Security Note has been approved by the appropriate reviewers, it is ready to be published. Security Notes are published in two places:

  • OpenStack mailing lists
  • OpenStack wiki

Post-mortem Tasks

Once a Security Note has been published, it is a good idea to see if the OpenStack Security Guide or Security Guidelines could be improved to help prevent issues similar to the issue form the Security Note.

Retrieved from "https://wiki.openstack.org/w/index.php?title=Security/Security_Note_Process&oldid=39550"