[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [Formal Vote] Changes to Xen Project Security Vulnerability Process - Open until June 8th, 2015



On Mon, Jun 01, 2015 at 10:36:25AM +0100, Lars Kurth wrote:
> Hi,
> 
> in accordance with the project's governance, I would like to put the 
> following text changes to a committer vote (committers are on the TO list). 
> The discussion leading to the changes can be found at 
> http://lists.xenproject.org/archives/html/xen-devel/2015-05/msg02881.html 
> <http://lists.xenproject.org/archives/html/xen-devel/2015-05/msg02881.html>
> 
> Please vote +1, 0, -1 with explanation as usual. You can reply publicly or in 
> private and I will collate results on the 9th.

+1
> 
> Regards
> Lars
> 
> Old text in http://www.xenproject.org/security-policy.html 
> <http://www.xenproject.org/security-policy.html>
> ---
> Specific process
> ...
> 4. Advisory pre-release: 
> 
> This occurs only if the advisory is embargoed (ie, the problem is not already 
> public): 
> 
> As soon as our advisory is available, we will send it, including patches, to 
> members of the Xen security pre-disclosure list. 
> 
> For more information about this list, see below. At this stage the advisory 
> will be clearly marked with the embargo date.
> ---
> 
> Proposed text (this adds an additional paragraph, while  leaving the existing 
> text as-is):
> ---
> Specific process
> ...
> 4. Advisory pre-release: 
> 
> This occurs only if the advisory is embargoed (ie, the problem is not already 
> public): 
> 
> As soon as our advisory is available, we will send it, including patches, to 
> members of the Xen security pre-disclosure list. 
> 
> In the event that we do not have a patch available two working weeks before 
> the disclosure date, we aim to send an advisory that reflects the current 
> state of knowledge to the Xen security pre-disclosure list. An updated 
> advisory will be published as soon as available.
> 
> For more information about this list, see below. At this stage the advisory 
> will be clearly marked with the embargo date.
> ---

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.