
Re: [Xen-devel] [PATCH v5 00/15] Argo: hypervisor-mediated interdomain communication



On Wed, 13 Feb 2019, Rich Persaud wrote:
> On Feb 4, 2019, at 13:22, Stefano Stabellini <sstabellini@xxxxxxxxxx> wrote:
> 
>       On Mon, 4 Feb 2019, Roger Pau Monné wrote:
>                   Yes, v7 was sent to address Jan and Julien's review comments in parallel
>                   with our ongoing discussion on v5 macros. v7 also provided a checkpoint
>                   for Argo testers to maximize test coverage as the series converges into
>                   a Xen 4.12 merge candidate for Juergen. It addressed:
> 
>                   - Jan's v6 review comments
>                   - Julien's v1 review comment
>                   - most of your xen-devel and offline review comments
> 
>             I think it will benefit the community to give this review in public,
>             so other reviewers know what's going on. IMO getting this private
>             review makes it harder for me (as a reviewer) to know the motivation
>             of some of the changes between versions, and likely also makes it
>             harder for you since you have to keep track of comments from multiple
>             sources on different channels.
> 
> 
>       There is one more reason to require public comments which I have only
>       learned recently: for safety certifications we need to keep a record of
>       all review comments and patches that address them for traceability.
> 
> 
> Do you mean:
> 
> (A) all _merged_ patches and their review comments
> 
>  or
> 
> (B) all comments and patches (merged or not) that address them
> 
> i.e. would the certification process be seeking traceability of safety-impacting patches (code, scenario A) or decisions
> (including decisions to leave code unchanged, scenario B)?

I meant (A), however, I don't know specifically if anything from (B) is
also required.


> If you mean (B), would we need an update to the Xen Security Problem Response Process [1]?  e.g. public archive of all comments
> from pre-disclosure discussion, along with content hashes stored immutably?
> 
> Rich
> 
> [1] https://www.xenproject.org/security-policy.html

I don't think the archives of the pre-disclosure security discussions
need to be public, but they probably need to be available.