[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH RFC] Make all public hosting providers eligible for the pre-disclosure list

On Fri, Nov 16, 2012 at 3:02 PM, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> wrote:
If we are allowing any cloud provider, not matter how small, to sign
up, then we should probably substantially relax the rules on software
vendors too.  I'm not sure exactly what the rule should be but
certainly we should be requiring no more than 1,000 deployed

What kind of vendors / projects might fit that kind of profile?

I suppose (for example) if there was a botique software dev house selling high-value-add XenClient-like solutions to a relatively small number of customers, it might make sense to allow them to join.

> +    <p>We prefer that a role address be used for each organisation, rather than one or more individual's direct email address. This helps to ensure that changes of personnel do not end up effectively dropping an organisation from the list</p>

We should insist on this I think.  Otherwise it will be unmanageable.

Heh -- my early drafts did have this ("No personal e-mail addresses"), but I took it out to minimize the change.  I'm happy to put it back in. :-)
I have another comment: given that predisclosure list members are
allowed to reveal the fact that there is an advisory and the release
date, would it be sensible for there to be a public list of
forthcoming public advisories ?

That makes sense, but maybe should be in a separate patch?

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.