[Xen-devel] Coverity + XenProject + Process?
Hey,

We have a static analyzer set up for Xen called Coverity. It allows the code to be inspected for bugs and such. Originally I set this up so that we could make sure that there are no bugs that cause security issues - and as such invited only folks on the security Xen mailing list.

But there are other folks who I am sure would like to contribute, and as Coverity is pretty amazing at analyzing issues and providing a good idea of how to fix them - was wondering what should be the procedure for involving volunteers for that?

Initially it was recommended that they agree to the security disclosure (http://www.xenproject.org/security-policy.html) and will agree to use by default the "Two working weeks between issue of our advisory to our predisclosure list and publication."

But I am not sure who should have the power to veto/accept volunteers? Should security@xxxxxxx do that? Or should folks at Xen Devel mailing list be involved in it as well? Should that security disclosure be used for that as well?

Ideas?

Thank you.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel