[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Re: Security vulnerability process - last call

To: xen-devel@xxxxxxxxxxxxxxxxxxx
From: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Date: Tue, 19 Jul 2011 12:07:46 +0100
Delivery-date: Tue, 19 Jul 2011 04:10:47 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

I wrote:
> We received some comments and based on that I have prepared a new
> final draft.  The changes ought not to be controversial.
> 
> Please send any final comments by the 28th of July (14 days from
> now).  Unless there are objections, we will regard the process as
> formally in force from that date.
...
>    Public advisories will be posted to xen-devel.

We should send these also to some more general list.  So we should
probably post them oss-security [0].

And we should document in the process that we will CC the MITRE CVE
contact address with public advisories to try to make sure that the
MITRE database is updated.

Ian.

[0] http://oss-security.openwall.org/wiki/mailing-lists/oss-security

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

References:
- [Xen-devel] Security vulnerability process - last call
  - From: Ian Jackson

Prev by Date: Re: [Xen-devel] Re: Upstream QEMU and Xen unstable not working
Next by Date: [Xen-devel] Re: [xen-4.1-testing test] 8140: regressions - FAIL
Previous by thread: [Xen-devel] Security vulnerability process - last call
Next by thread: [Xen-devel] Re: Security vulnerability process - last call
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.