[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 5/6] Patch review, expert advice and targetted fixes

To: xen-devel@xxxxxxxxxxxxx
From: Ian Campbell <ian.campbell@xxxxxxxxxx>
Date: Thu, 23 Aug 2012 11:37:53 +0100
Cc: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Ian Campbell <ian.campbell@xxxxxxxxxx>
Delivery-date: Thu, 23 Aug 2012 10:38:35 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

See <20448.49637.38489.246434@xxxxxxxxxxxxxxxxxxxxxxxx>, section
    "Patch development and review"
---
 security_vulnerability_process.html |    9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/security_vulnerability_process.html 
b/security_vulnerability_process.html
index 687e452..c830a04 100644
--- a/security_vulnerability_process.html
+++ b/security_vulnerability_process.html
@@ -109,8 +109,13 @@ if(ns4)_d.write("<scr"+"ipt type=text/javascript 
src=/globals/mmenuns4.js><\/scr
        process.</p></li>
        <p>(This may rely on the other project(s) having
        documented and responsive security contact points)</p>
-    <li><p>We will prepare or check patch(es) which fix the vulnerability.
-       This would ideally include all relevant backports.</p></li>
+    <li><p>We will prepare or check patch(es) which fix the
+       vulnerability.  This would ideally include all relevant
+       backports.  Patches will be tightly targeted on fixing the
+       specific security vulnerability in the smallest, simplest and
+       most reliable way.  Where necessary domain specific experts
+       within the community will be brought in to help with patch
+       preparation.</p></li>
     <li><p>We will determine which systems/configurations/versions are
        vulnerable, and what the impact of the vulnerability is.
        Depending on the nature of the vulnerability this may involve
-- 
1.7.10.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217
  - From: Ian Campbell

Prev by Date: [Xen-devel] [PATCH 1/6] Clarify what info predisclosure list members may share during an embargo
Next by Date: [Xen-devel] [PATCH 3/6] Clarify the scope of the process to just the hypervisor project
Previous by thread: [Xen-devel] [PATCH 1/6] Clarify what info predisclosure list members may share during an embargo
Next by thread: [Xen-devel] [PATCH 3/6] Clarify the scope of the process to just the hypervisor project
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.