[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH v2 SECURITY-POLICY 0/9] Security policy ambiguities - XSA-108 process post-mortem

To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Ian Jackson <ijackson@xxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 23 Jan 2015 19:31:11 +0000
Delivery-date: Fri, 23 Jan 2015 19:31:51 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

I would like to propose the following series of changes to the Xen
Project Security Policy.  For readability I have presented them as
diffs to a reasonably-plausibly-formatted HTML.

The substance of each change is discussed in the corresponding commit
message.

I am going to wait a week to see if anyone has any further comments.
If not, I will ask the Xen Project Community Manager to conduct the
formal approval process.


You can find the git tree I am using here:
  http://xenbits.xen.org/gitweb/?p=people/iwj/security-process.git;a=shortlog;h\
=refs/heads/rebasing
The relevant changes are in master..rebasing.

I have put a copy of the bare HTML here:
  http://xenbits.xen.org/people/iwj/draft/security_vulnerability_process.html


This is v2 of the series of changes.  The only comments were minor and
technical, and have (I think) been addressed.  The changes in v2 of the
series compared to my previous patch-series proposal:
 * Add IMPLEMENTATION TASKS section to various of the commit messages
 * Minor wording changes (no semantic change compared to v1)
 * Better presentation of email addresses (no semantic change)

Thanks,
Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- [Xen-devel] [PATCH v2 SECURITY-POLICY 9/9] Document changes in changelog and heading
  - From: Ian Jackson
- [Xen-devel] [PATCH v2 SECURITY-POLICY 7/9] Clarify and fix prior consultation text
  - From: Ian Jackson
- [Xen-devel] [PATCH v2 SECURITY-POLICY 5/9] Tighten, and make more objective, predisclosure list application
  - From: Ian Jackson
- [Xen-devel] [PATCH v2 SECURITY-POLICY 8/9] Clarify what announcements may be made by to service users
  - From: Ian Jackson
- [Xen-devel] [PATCH v2 SECURITY-POLICY 4/9] Use a public mailing list for predisclosure membership applications.
  - From: Ian Jackson
- [Xen-devel] [PATCH v2 SECURITY-POLICY 6/9] Explicitly permit within-list information sharing during embargo
  - From: Ian Jackson
- [Xen-devel] [PATCH v2 SECURITY-POLICY 2/9] Add headings
  - From: Ian Jackson
- [Xen-devel] [PATCH v2 SECURITY-POLICY 3/9] Deployment with Security Team Permission
  - From: Ian Jackson
- [Xen-devel] [PATCH v2 SECURITY-POLICY 1/9] Grammar fix: Remove a comma splice
  - From: Ian Jackson

References:
- [Xen-devel] [PATCH SECURITY-POLICY 0/9] Re: Security policy ambiguities - XSA-108 process post-mortem
  - From: Ian Jackson

Prev by Date: [Xen-devel] [PATCH v2 SECURITY-POLICY 2/9] Add headings
Next by Date: [Xen-devel] [PATCH v2 SECURITY-POLICY 6/9] Explicitly permit within-list information sharing during embargo
Previous by thread: Re: [Xen-devel] [PATCH SECURITY-POLICY 0/9] Re: Security policy ambiguities - XSA-108 process post-mortem
Next by thread: [Xen-devel] [PATCH v2 SECURITY-POLICY 1/9] Grammar fix: Remove a comma splice
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.