[Xen-announce] Reminder: Vulnerability embargo dates - add your public holidays

[Ian Jackson <ian.jackson@xxxxxxxxxxxxx>]

In mid-May I wrote:

> When the Xen Project Security Team talks to discoverers about choice
> of release dates for security vulnerabilities, we generally try to
> avoid known public holidays (subject to other constraints such as the
> discoverer's requirements, the Xen Project policy, and so on).
> 
> We wish to make this arrangement a bit more formal, and in particular
> to provide discoverers (who ultimately decide disclosure dates) and
> the Security Team (who often give advice) with good information to
> support their decisions.
> 
> To this end we have created a wiki page where interested community
> members can document public holidays which would affect their ability
> to respond to security issues.
> 
> Please see:
>   https://wiki.xenproject.org/wiki/HolidayCalendar
> 
> If you would like your circumstances taken into account, please add to
> the data for 2017 on that page.
> 
> Note that if you do not already have write access to the wiki, you'll
> have to request it.  Sorry for the inconvenience, and please see:
>   https://wiki.xenproject.org/wiki/Main_Page
> 
> Also, as the HolidayCalendar wiki page says:
> 
>   Note that disclosure schedules are determined by the discoverers of
>   vulnerabilities who do not need to follow the guidelines in the Xen
>   Project policy.  Where discoverers ask the Xen Project Security Team
>   for advice, or choose to follow the policy, the holiday information
>   here is advisory only.  Because the policy requires us to consider
>   other factors too, we cannot guarantee to avoid holidays.

I see that US, UK and Canadian holidays have been added.  Members of
the Xen Project community in other places ought to consider adding
their own holiday dates.

Ian.

_______________________________________________
Xen-announce mailing list
Xen-announce@xxxxxxxxxxxxx
https://lists.xen.org/xen-announce