[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [Formal Vote] Changes to Xen Project Security Vulnerability Process - Open until June 8th, 2015



Hi,

in accordance with the project's governance, I would like to put the following text changes to a committer vote (committers are on the TO list). The discussion leading to the changes can be found at http://lists.xenproject.org/archives/html/xen-devel/2015-05/msg02881.html

Please vote +1, 0, -1 with explanation as usual. You can reply publicly or in private and I will collate results on the 9th.

Regards
Lars

---
Specific process
...
4. Advisory pre-release: 

This occurs only if the advisory is embargoed (ie, the problem is not already public): 

As soon as our advisory is available, we will send it, including patches, to members of the Xen security pre-disclosure list. 

For more information about this list, see below. At this stage the advisory will be clearly marked with the embargo date.
---

Proposed text (this adds an additional paragraph, while  leaving the existing text as-is):
---
Specific process
...
4. Advisory pre-release: 

This occurs only if the advisory is embargoed (ie, the problem is not already public): 

As soon as our advisory is available, we will send it, including patches, to members of the Xen security pre-disclosure list. 

In the event that we do not have a patch available two working weeks before the disclosure date, we aim to send an advisory that reflects the current state of knowledge to the Xen security pre-disclosure list. An updated advisory will be published as soon as available.

For more information about this list, see below. At this stage the advisory will be clearly marked with the embargo date.
---
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.