[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Security policy ambiguities - XSA-108 process post-mortem



Matt Wilson writes ("Re: [Xen-devel] Security policy ambiguities - XSA-108 
process post-mortem"):
> On Wed, Oct 22, 2014 at 02:05:38PM +0100, Lars Kurth wrote:
> > The changes on the table are really more practical and aim at
> > demonstrating a) use of Xen and b) a mature security vulnerability
> > process. So I don't think there is a contradiction with having
> > criteria.
> 
> I don't think a) and b) are nearly enough. The bar needs to be set a
> lot higher. But this is something we can discuss in a different part
> of the thread.

I agree with Ian Campbell on this topic.  The predisclosure list ought
to remain very broad.  Like Ian, I would give very different answers
to all the other questions, if the membership criteria were narrowed.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.