[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 0/11] Xen PCI Passthrough security fixes



On 2 June 2015 at 16:32, Stefano Stabellini
<stefano.stabellini@xxxxxxxxxxxxx> wrote:
> On Tue, 2 Jun 2015, Stefano Stabellini wrote:
>> Hi all,
>>
>> the following is a collection of QEMU security fixes for PCI Passthrough
>> on Xen. Non-Xen usages of QEMU are unaffected.
>>
>> Although the CVEs have already been made public, given the large amount
>> of changes, I decided not to send a pull request without giving a chance
>> to the QEMU community to comment on the patches first.
>
> Peter convinced me to send out a pull request immediately. If anybody
> has any comments on the patches, we can still fix them up later or even
> revert them if that becomes necessary.

For the record, the rationale is:
 * fixes for CVEs will have been reviewed during the nondisclosure period
 * getting security fixes into master in a timely fashion is important
 * having the patches in upstream master be different from the ones
   advertised with the CVE can cause confusion about which are "correct"
 * if there are any problems with the CVE fixes (stylistic or otherwise)
   we can correct them with followup patches

Our workflow/process for handling security issues is not set in
stone (indeed it's evolving a bit at the moment), so comments/suggestions
welcome.

thanks
-- PMM

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.