|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Security vulnerability process - confirmed
Hello Ian, Monday, December 12, 2011, 5:37:46 PM, you wrote: > It's time we made this policy official. There was only one change to > make during "last call" discussion, and with that I think we have > consensus. > Changes from the final draft: > * Increase the standard embargo period from one week to two, > as discussed in the last call. > The final version, below, will go on the xen.org website shortly. > Thanks, > Ian. > xen.org security problem response process > ----------------------------------------- <big snip> > 3. Advisory public release: > At the embargo date we will publish the advisory, and push > bugfix changesets to public revision control trees. > Public advisories will be posted to xen-devel. > Copies will also be sent to the pre-disclosure list, unless > the advisory was already sent there previously during the embargo > period and has not been updated since. shouldn't this include at least xen-users and xen-announce, and perhaps a special read only list for security advisories ? <big snip> -- Sander _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |