[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [Formal Vote] Changes to Xen Project Security Vulnerability Process - Open until June 8th, 2015
On Mon, Jun 01, 2015 at 10:36:25AM +0100, Lars Kurth wrote: > Hi, > > in accordance with the project's governance, I would like to put the > following text changes to a committer vote (committers are on the TO list). > The discussion leading to the changes can be found at > http://lists.xenproject.org/archives/html/xen-devel/2015-05/msg02881.html > <http://lists.xenproject.org/archives/html/xen-devel/2015-05/msg02881.html> > > Please vote +1, 0, -1 with explanation as usual. You can reply publicly or in > private and I will collate results on the 9th. +1 > > Regards > Lars > > Old text in http://www.xenproject.org/security-policy.html > <http://www.xenproject.org/security-policy.html> > --- > Specific process > ... > 4. Advisory pre-release: > > This occurs only if the advisory is embargoed (ie, the problem is not already > public): > > As soon as our advisory is available, we will send it, including patches, to > members of the Xen security pre-disclosure list. > > For more information about this list, see below. At this stage the advisory > will be clearly marked with the embargo date. > --- > > Proposed text (this adds an additional paragraph, while leaving the existing > text as-is): > --- > Specific process > ... > 4. Advisory pre-release: > > This occurs only if the advisory is embargoed (ie, the problem is not already > public): > > As soon as our advisory is available, we will send it, including patches, to > members of the Xen security pre-disclosure list. > > In the event that we do not have a patch available two working weeks before > the disclosure date, we aim to send an advisory that reflects the current > state of knowledge to the Xen security pre-disclosure list. An updated > advisory will be published as soon as available. > > For more information about this list, see below. At this stage the advisory > will be clearly marked with the embargo date. > --- _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |