Comment 58 for bug 1823200

Brian: Also, on step #0 there, when you make the bug public you should first remove the initial paragraph from the description (so that we don't have a public bug claiming to be under embargo), then switch the bug status from Private Security to Public (not Public Security since we generally only use that for advisories not notes) and add a "security" bugtag so that the openstack-security ML will get a copy of the bug updates from that point forward (patches proposed for review, patches mwerged, releases containing them, further discussion, et cetera).