[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Coverity + XenProject + Process?
On Fri, 2013-08-30 at 11:00 -0400, Konrad Rzeszutek Wilk wrote: > Hey > > We have a static analyzer setup for Xen called Coverity. It allows > the code to be inspected for bugs and such. > > Originally I setup this so that we could make sure that there are no > bugs that cause security issues - and as such invited only folks > on the security Xen mailing list. > > But there are other folks who I am sure would like to contribute > and as Coverity is pretty amazing at analyzing issues and providing > a good idea of how to fix it - was wondering what should be the > procedure for involving volunteers for that? This conversation and the decision is on going to take a while. In the meantime we (security@ or xen-devel@) have received offers of help from Matthew Daley, Andrew Cooper and Steven Maresca. All three are well known to us and IMHO trustworthy. Matthew and Andrew have been involved in both disclosing and helping to resolve multiple security issues in the past. I don't think Steven has been involved in security disclosure stuff (apologies Steven if I've forgotten) but has none the less been active in Xen and with various security related aspects of the project. Given that I would like to propose that we give all three of them access while the policy conversation is on going. Any objections? If so then please raise them by the end of business this Sunday (8 September). Ian. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |