[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [Formal Vote] Changes to Xen Project Security Vulnerability Process - Open until June 8th, 2015

To: Lars Kurth <lars.kurth.xen@xxxxxxxxx>
From: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
Date: Mon, 1 Jun 2015 13:59:53 -0400
Cc: keir Fraser <keir@xxxxxxx>, Ian Campbell <Ian.Campbell@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Major Hayden <major.hayden@xxxxxxxxxxxxx>, "<xen-devel@xxxxxxxxxxxxx>" <xen-devel@xxxxxxxxxxxxx>, security@xxxxxxxxxxxxxx
Delivery-date: Mon, 01 Jun 2015 18:00:08 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Mon, Jun 01, 2015 at 10:36:25AM +0100, Lars Kurth wrote:
> Hi,
> 
> in accordance with the project's governance, I would like to put the 
> following text changes to a committer vote (committers are on the TO list). 
> The discussion leading to the changes can be found at 
> http://lists.xenproject.org/archives/html/xen-devel/2015-05/msg02881.html 
> <http://lists.xenproject.org/archives/html/xen-devel/2015-05/msg02881.html>
> 
> Please vote +1, 0, -1 with explanation as usual. You can reply publicly or in 
> private and I will collate results on the 9th.

+1
> 
> Regards
> Lars
> 
> Old text in http://www.xenproject.org/security-policy.html 
> <http://www.xenproject.org/security-policy.html>
> ---
> Specific process
> ...
> 4. Advisory pre-release: 
> 
> This occurs only if the advisory is embargoed (ie, the problem is not already 
> public): 
> 
> As soon as our advisory is available, we will send it, including patches, to 
> members of the Xen security pre-disclosure list. 
> 
> For more information about this list, see below. At this stage the advisory 
> will be clearly marked with the embargo date.
> ---
> 
> Proposed text (this adds an additional paragraph, while  leaving the existing 
> text as-is):
> ---
> Specific process
> ...
> 4. Advisory pre-release: 
> 
> This occurs only if the advisory is embargoed (ie, the problem is not already 
> public): 
> 
> As soon as our advisory is available, we will send it, including patches, to 
> members of the Xen security pre-disclosure list. 
> 
> In the event that we do not have a patch available two working weeks before 
> the disclosure date, we aim to send an advisory that reflects the current 
> state of knowledge to the Xen security pre-disclosure list. An updated 
> advisory will be published as soon as available.
> 
> For more information about this list, see below. At this stage the advisory 
> will be clearly marked with the embargo date.
> ---

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [Formal Vote] Changes to Xen Project Security Vulnerability Process - Open until June 8th, 2015
  - From: Lars Kurth

Prev by Date: Re: [Xen-devel] [PATCH] libxl: Don't insert PCI device into xenstore for HVM guests
Next by Date: Re: [Xen-devel] [PATCH v2 net] xen: netback: read hotplug script once at start of day.
Previous by thread: [Xen-devel] [Formal Vote] Changes to Xen Project Security Vulnerability Process - Open until June 8th, 2015
Next by thread: Re: [Xen-devel] [Formal Vote] Changes to Xen Project Security Vulnerability Process - Open until June 8th, 2015
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.