|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [Xen-users] Security disclosure process discussion update
On Tue, 2013-04-16 at 14:05 +0100, George Dunlap wrote: > On 15/04/13 15:55, Ian Campbell wrote: > > > > Asking them to setup xen-security-team@xxxxxxxxxx seems a bit of a > > burden > > I'm just curious, is it really that much of a burden? If Debian, for > example, already has infrastructure to accept > "<package>@packages.debian.org", how much extra work is it to add > "<package>-security@xxxxxxxxxx"? For just one $package its probably still a moderate amount of work. I would guess that it would require coordination with the DSA (Debian Sys Admins, or whoever controls mx.debian.org and mx.packages.debian.org) to setup the new alias and track/manage who the real maintainers is/are for $package over time and changes etc. Remember that part of the problem here is that the maintainer field can be and for better or worse of is set to a public mailing list so there would need to be some rounds of discussion etc about what the correct membership of the list should be (use the changed-by field, use the uploaders field?). Packages are not necessarily very consistent in these areas... Now maybe the generic any $package variant of that would be a useful thing for a distro to have but that would be even more work to actually make it useful and it would be hard to guarantee that it remained private for any given package (which somewhat defeats the purpose!) Ian. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |