Add SecurityImpact tag for pull requests

Bug #1070577 reported by Bryan D. Payne
This bug affects 1 person

Affects: OpenStack Core Infrastructure
Status: Fix Released
Importance: High
Assigned to: Clark Boylan
Milestone: (none)

Bug Description

I would like to add a 'SecurityImpact' tag for pull requests. The idea is that this would be similar to the DocImpact tag, allowing people to self-identify when a code change has a potential security impact. This tag could then trigger an email to the newly formed OpenStack Security Group, where one of our group members could provide a security review on the code.

Tag name: SecurityImpact

Email notification to: <email address hidden>

Thanks,
-bryan

Tags: updatebug
Thierry Carrez (ttx) wrote :

We should probably set this up before we attempt the rewrite of update_bug.py to a streamevent daemon.

Changed in openstack-ci:
importance: Undecided → High
status: New → Confirmed
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ci-puppet (master)

Fix proposed to branch: master
Review: https://review.openstack.org/14856

Changed in openstack-ci:
assignee: nobody → Clark Boylan (cboylan)
status: Confirmed → In Progress
Clark Boylan (cboylan) wrote :

<email address hidden> is a Launchpad mailing list which typically does not play nice with mail sent from our gerrit server. If this list does not allow mail from <email address hidden> you will want to set up a new list on the openstack.org mailing list server and switch to that (if we manage that list then we can allow <email address hidden> to send to it).

Bryan D. Payne (bdpayne) wrote :

FYI, we're working to set up a new list. I'll let you know when that is in place.

OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ci-puppet (master)

Reviewed: https://review.openstack.org/14856
Committed: http://github.com/openstack/openstack-ci-puppet/commit/042770ad6f2eec32ce6a929a9896c011e8ad4814
Submitter: Jenkins
Branch: master

commit 042770ad6f2eec32ce6a929a9896c011e8ad4814
Author: Clark Boylan <email address hidden>
Date: Thu Oct 25 14:55:32 2012 -0700

    Add security impact email notifications.

    Fixes bug #1070577

    Make the notify_impact script generic so that it can handle different
    types of notifications. Then add a SecurityImpact notification.

    Change-Id: Id4bbf7db29e36dde783328e31685079e79d0b1e9

Changed in openstack-ci:
status: In Progress → Fix Released
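
The mechanism requested in this bug, as an added example (it is not the notify_impact script from openstack-ci-puppet): a generic scanner that maps impact tags found in a commit message to a notification list and builds one mail per tag. The recipient and sender addresses, the function names and the sample commit message are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

# Assumed tag -> list mapping; addresses are placeholders, not real lists.
IMPACT_RECIPIENTS = {
    "DocImpact": "docs-list@example.org",
    "SecurityImpact": "security-list@example.org",
}
SENDER = "gerrit@example.org"  # assumed sender address

# Constructed sample commit message.
SAMPLE = (
    "Tighten token validation.\n\n"
    "SecurityImpact\n"
    "Change-Id: I0000000000000000000000000000000000000000\n"
)


def find_impact_tags(commit_message):
    """Return the known impact tags that appear as whole words, sorted."""
    found = []
    for tag in sorted(IMPACT_RECIPIENTS):
        # \w lookarounds so 'NoSecurityImpactHere' is not treated as a tag.
        if re.search(rf"(?<!\w){re.escape(tag)}(?!\w)", commit_message):
            found.append(tag)
    return found


def build_notifications(change_url, project, commit_message):
    """Build one EmailMessage per impact tag found in the commit message."""
    # Collapse CR/LF: the project name lands in a header, so keep it one line.
    safe_project = re.sub(r"[\r\n]+", " ", project)
    messages = []
    for tag in find_impact_tags(commit_message):
        msg = EmailMessage()
        msg["From"] = SENDER
        msg["To"] = IMPACT_RECIPIENTS[tag]
        msg["Subject"] = f"[{safe_project}] {tag} review request"
        msg.set_content(
            f"A change was flagged {tag} by its author.\n\n"
            f"Review: {change_url}\n\n{commit_message}"
        )
        messages.append(msg)
    return messages


if __name__ == "__main__":
    for m in build_notifications("https://review.example.org/1", "nova", SAMPLE):
        print(m)
```

Because the tag is self-reported by the change author, a missing tag says nothing about whether a change is security-relevant; the notification only routes changes that someone chose to flag.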