[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [RFC PATCH] Make Security Policy Doc ready to become a CNA





On 20 Mar 2018, at 17:38, George Dunlap <george.dunlap@xxxxxxxxxx> wrote:

On 03/19/2018 04:37 PM, Lars Kurth wrote:
And this time with patch: note to myself - never try sendmail with --compose again (-;

This patch contains a proposal to change https://xenproject.org/security-policy.html 
such that it points to SUPPORT.md. Having scope and process information is necessary
to become a CNA. This is the last piece, before formally asking to become a CNA.

To make the review of this easier, I based it on xenbits:/larsk/governance.git
(contains the pandoc as published today and the html)

Regards
Lars
---
[PATCH] Make Security Policy Doc ready to become a CNA

To become a CNA, we need to more clearly specifiy the scope of
security support. This change updates the document and points
to SUPPORT.md and pages generated from SUPPORT.md

Expected changes:
- Resend once the URL that is currently open has been agreed
 with Ian Jackson

Signed-off-by: Lars Kurth <lars.kurth@xxxxxxxxxx>
---
security-policy.pandoc | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/security-policy.pandoc b/security-policy.pandoc
index 5783183..22e274b 100644
--- a/security-policy.pandoc
+++ b/security-policy.pandoc
@@ -19,6 +19,14 @@ Scope of this process

This process primarily covers the [Xen Hypervisor
Project](index.php?option=com_content&view=article&id=82:xen-hypervisor&catid=80:developers&Itemid=484).
+Specific information about features with security support can be found in
+
+1.  [SUPPORT.md](http://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=SUPPORT.md)
+    in the releases' tar ball and its xen.git tree and on
+    [web pages generated from the SUPPORT.md file](add URL)

Not sure we should include the direct (ugly) link.  Other than that
looks OK to me.

No strong opinion either way. There is no real harm in having it and it's just a link on the final document
Lars
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.