[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [DRAFT] Coverity Access Policy



On Mon, 2013-09-23 at 15:32 +0100, Andrew Cooper wrote:
> >  * agree to not disclose any issue discovered other than to the
> >    security team, unless this has been approved by the security team.
> 
> To help facilitate this, would it be sensible to have a separate mailing
> list @xenproject.org containing the approved coverity members?  Already,
> there have been several cases where I have requested a second opinion,
> or just as simple discussion about .  At the moment it is fine cc'ing
> security@xen and two other email addresses, but as more members join,
> this will get untenable.

That's certainly something to consider.

On a related not we should do as we do for the predisclosure list and
list the members and the affiliations publicly I suppose.

Ian.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.