OpenStack Developer Mailing List Digest September 17-23
- A MQTT based unified message bus for infra services.
- This allows a single place to go for consuming messages of events from infra services.
- Two interfaces for subscribing to topics:
- MQTT protocol on the default port
- Websockets over port 80
- Launchpad and gerrit events are the only things currently sending message to firehose, but the plan is to expand this.
- An example  of gerritbot on the consuming side, which has support for subscribing to gerrit event stream over MQTT.
- A spec giving details on firehose .
- Docs on firehose .
Release countdown for week R-1, 26-30
- Focus: All teams should be working on release-critical bugs before the final release.
- 29th September is the deadline for the new release candidates or release from intermediary projects.
- Quiet period to follow before the last release candidates on 6th October.
- Release actions:
- Projects not following the milestone-based release model who want a stable/newton branch created should talk to the release team.
- Watch for translation patches and merge them quickly to ensure we have as many user-facing strings translated as possible in the release candidates.
- If your project has already been branched, make sure those patches are applied to the stable branch.
- Liaisons for projects with independent deliverables should import the release history by preparing patches to openstack/release.
- Important Dates:
- Newton last RC, 29 September
- Newton final release, 6 October
- Newton release schedule 
- Full thread
Removal of Security and OpenStackSalt Project Teams From the Big Tent
- The Security and OpenStackSalt projects are without PTLs. Projects leaderless default to the Technical Committee for decision of what to do with the project . Majority of the Technical Committee has agreed to have these projects removed.
- OpenStackSalt is a relatively new addition to the Big Tent, so if they got their act together, they could be reproposed.
- We still need to care about security., and we still need a home for the vulnerability management team (VMT). The suggested way forward is to have the VMT apply to be its own official project team, and have security be a working group.
- The Mitaka PTL for the Security mentions missing the election date, but provides some things the team has been working on:
- Issuing Security Notes for Glance, Nova, Horizon, Bandit, Neutron and Barbican.
- Updating the security guide (the book we wrote on securing OpenStack)
- Hosting a midcycle and inducting new members
- Supporting the VMT with several embargoed and complex vulnerabilities
- Building up a security blog
- Making OpenStack the biggest open source project to ever receive the Core
- Infrastructure Initiative Best Practices Badge
- Working on the OpenStack Security Whitepaper
- Developing CI security tooling such as Bandit
- One of the Technical Committee members privately received information that explains why the security PTL was not on top of things. With ~60 teams around there will always be one of two that miss, but here we’re not sure it passes the bar of “non-alignment with the community” that would make the security team unfit to be an official OpenStack Team.
- Full thread
 – http://git.openstack.org/cgit/openstack-infra/gerritbot/commit/?id=7c6e57983d499b16b3fabb864cf3b
 – http://specs.openstack.org/openstack-infra/infra-specs/specs/firehose.html
 – http://docs.openstack.org/infra/system-config/firehose.html
 – http://releases.openstack.org/newton/schedule.html
 – http://docs.openstack.org/project-team-guide/open-community.html#technical-committee-and-ptl-elections