[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Security policy ambiguities - XSA-108 process post-mortem

To: Matt Wilson <msw@xxxxxxxxx>
From: Ian Jackson <ijackson@xxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 10 Nov 2014 17:44:17 +0000
Cc: Lars Kurth <lars.kurth.xen@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Delivery-date: Mon, 10 Nov 2014 17:44:26 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Matt Wilson writes ("Re: [Xen-devel] Security policy ambiguities - XSA-108 
process post-mortem"):
> On Wed, Oct 22, 2014 at 02:05:38PM +0100, Lars Kurth wrote:
> > The changes on the table are really more practical and aim at
> > demonstrating a) use of Xen and b) a mature security vulnerability
> > process. So I don't think there is a contradiction with having
> > criteria.
> 
> I don't think a) and b) are nearly enough. The bar needs to be set a
> lot higher. But this is something we can discuss in a different part
> of the thread.

I agree with Ian Campbell on this topic.  The predisclosure list ought
to remain very broad.  Like Ian, I would give very different answers
to all the other questions, if the membership criteria were narrowed.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Prev by Date: Re: [Xen-devel] Security policy ambiguities - XSA-108 process post-mortem
Next by Date: Re: [Xen-devel] PCI passthrough (pci-attach) to HVM guests bug (BAR64 addresses are bogus)
Previous by thread: Re: [Xen-devel] Security policy ambiguities - XSA-108 process post-mortem
Next by thread: [Xen-devel] [linux-3.10 test] 31379: regressions - FAIL
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.