[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Coverity + XenProject + Process?
On Thu, Sep 05, 2013 at 10:26:38AM +0100, Ian Campbell wrote: > On Fri, 2013-08-30 at 11:00 -0400, Konrad Rzeszutek Wilk wrote: > > Hey > > > > We have a static analyzer setup for Xen called Coverity. It allows > > the code to be inspected for bugs and such. > > > > Originally I setup this so that we could make sure that there are no > > bugs that cause security issues - and as such invited only folks > > on the security Xen mailing list. > > > > But there are other folks who I am sure would like to contribute > > and as Coverity is pretty amazing at analyzing issues and providing > > a good idea of how to fix it - was wondering what should be the > > procedure for involving volunteers for that? > > This conversation and the decision is on going to take a while. > > In the meantime we (security@ or xen-devel@) have received offers of > help from Matthew Daley, Andrew Cooper and Steven Maresca. All three are > well known to us and IMHO trustworthy. Matthew and Andrew have been > involved in both disclosing and helping to resolve multiple security > issues in the past. I don't think Steven has been involved in security > disclosure stuff (apologies Steven if I've forgotten) but has none the > less been active in Xen and with various security related aspects of the > project. > > Given that I would like to propose that we give all three of them access > while the policy conversation is on going. > > Any objections? If so then please raise them by the end of business this > Sunday (8 September). +1 --msw _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |