Xen project Mailing List

Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217

To: Ian Campbell <Ian.Campbell@xxxxxxxxxx>

From: John Haxby <john.haxby@xxxxxxxxxx>

Date: Wed, 04 Jul 2012 11:04:03 +0100

Cc: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Alan Cox <alan@xxxxxxxxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>

Delivery-date: Wed, 04 Jul 2012 10:04:36 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 04/07/12 10:27, Ian Campbell wrote: > On Thu, 2012-06-28 at 19:30 +0100, Alan Cox wrote: >> > >>>> > > > 8. Predisclosure subscription process, and email address criteria >> > >> > Email is not a trustworthy medium. The linux security list was in the >> > past intercepted. > I think it would be wise to add encryption (and the requirement to > provide a key) to the pre-disclosure list. I wonder if mailman has > per-subscriber encryption capabilities. > > If not then we should consider moving this particular list to a list > manager which can. Apparently whatever the linux-distros list uses can > do this (judging from > http://oss-security.openwall.org/wiki/mailing-lists/distros) That's correct. linux-distros (and distros) also precludes having exploder lists in organisations. That's not generally going to be a problem -- you're not likely to have more than a handful of people on the list even in largish organisations. The linux-distros and distros lists are, I believe, based around something the list manager maintains. You'd have to ask him about how it works. jch _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.