[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-announce] Security vulnerability process, and CVE-2012-0217
The Xen.org security response team is charged with implementing the Xen security response process, the current version of which can be found here: http://www.xen.org/projects/security_vulnerability_process.html Over the past two months we on that team have been involved with XSA-7 / CVE-2012-0217 and its various fallout. During this exercise we have encountered some problems with the process. The process needs improvement. Also, we have had to make some difficult decisions. We feel it is essential for keeping us honest that we explain to the community what we did, and when. A message starting this discussion has just been posted to the xen-devel mailing list: http://lists.xen.org/archives/html/xen-devel/2012-06/msg01072.html The outcome of this discussion will be a set of changes to be agreed on and/or voted on using the existing Xen.org governance processes: http://www.xen.org/projects/governance.html This discussion will take place on xen-devel. We expect it to take some weeks. We welcome the views of everyone in the Xen community - please come and have your say. Thanks for your attention, Ian. on behalf of the Xen.org security response team _______________________________________________ Xen-announce mailing list Xen-announce@xxxxxxxxxxxxx http://lists.xen.org/xen-announce |
Lists.xenproject.org is hosted with RackSpace, monitoring our |