Xen project Mailing List

Re: [Xen-devel] [PATCH RFC] Make all public hosting providers eligible for the pre-disclosure list

To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>

From: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>

Date: Fri, 16 Nov 2012 15:10:26 +0000

Cc: "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>

Delivery-date: Fri, 16 Nov 2012 15:11:59 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

If we are allowing any cloud provider, not matter how small, to sign
up, then we should probably substantially relax the rules on software
vendors too. I'm not sure exactly what the rule should be but
certainly we should be requiring no more than 1,000 deployed
instances.

What kind of vendors / projects might fit that kind of profile?

I suppose (for example) if there was a botique software dev house selling high-value-add XenClient-like solutions to a relatively small number of customers, it might make sense to allow them to join.

> + <p>We prefer that a role address be used for each organisation, rather than one or more individual's direct email address. This helps to ensure that changes of personnel do not end up effectively dropping an organisation from the list</p>

We should insist on this I think. Otherwise it will be unmanageable.

Heh -- my early drafts did have this ("No personal e-mail addresses"), but I took it out to minimize the change. I'm happy to put it back in. :-)

I have another comment: given that predisclosure list members are
allowed to reveal the fact that there is an advisory and the release
date, would it be sensible for there to be a public list of
forthcoming public advisories ?

That makes sense, but maybe should be in a separate patch?

-George

_______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel