[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217

To: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
From: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
Date: Tue, 3 Jul 2012 15:18:30 +0100
Cc: "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>, Ian Campbell <Ian.Campbell@xxxxxxxxxx>, Thomas Goirand <thomas@xxxxxxxxxx>
Delivery-date: Tue, 03 Jul 2012 14:19:49 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Tue, 3 Jul 2012, George Dunlap wrote:
> That said, it still introduces unfairness

Considering that the members of the security disclosure list are public
(http://www.xen.org/projects/security_vulnerability_process.html) and
considering that some of them are service providers, if I am a costumer,
why would I ever choose a provider that is not in that list?

Having that list on the website is like writing: "please choose one of
the providers in the list below as they have a better security
response".

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217
  - From: Ian Campbell
- Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217
  - From: George Dunlap

Prev by Date: Re: [Xen-devel] [xen vMCE RFC V0.2] xen vMCE design
Next by Date: Re: [Xen-devel] [PATCH 2/3] tools:libxl: Add qxl vga interface support v2
Previous by thread: Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217
Next by thread: Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217
Index(es):
- Date
- Thread