WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

RE: [Xen-devel] New Email Account for Security

James Harper writes ("RE: [Xen-devel] New Email Account for Security"):
> Is there a reason why this shouldn't just be another mailing list? Or
> maybe I don't understand the purpose...

The purpose is to provide a point of contact for someone who thinks
they have found a security problem (ie, a security bug) in Xen and
would like to contact someone in confidence about it.  A bit like
vendor-sec but Xen-specific.

The list or alias (it doesn't really matter how it's implemented)
needs to have approval on subscriptions so that the confidentiality
can be maintained but the main Xen vendors should have no problem
getting onto it.  Given that, and the smallish size, running it as an
alias seems reasonable.

Just to be clear, it's not a list for general discussion of security
in Xen or possible new security functionality or TPM development or
anything of that kind.  It's just for vulnerability reports.

Reporters who prefer immediate full disclosure, rather than
`responsible disclosure' to a group of vendors, can continue to use
xen-devel.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>