|
|
|
|
|
|
|
|
|
|
xen-devel
RE: [Xen-devel] New Email Account for Security
James Harper writes ("RE: [Xen-devel] New Email Account for Security"):
> Is there a reason why this shouldn't just be another mailing list? Or
> maybe I don't understand the purpose...
The purpose is to provide a point of contact for someone who thinks
they have found a security problem (ie, a security bug) in Xen and
would like to contact someone in confidence about it. A bit like
vendor-sec but Xen-specific.
The list or alias (it doesn't really matter how it's implemented)
needs to have approval on subscriptions so that the confidentiality
can be maintained but the main Xen vendors should have no problem
getting onto it. Given that, and the smallish size, running it as an
alias seems reasonable.
Just to be clear, it's not a list for general discussion of security
in Xen or possible new security functionality or TPM development or
anything of that kind. It's just for vulnerability reports.
Reporters who prefer immediate full disclosure, rather than
`responsible disclosure' to a group of vendors, can continue to use
xen-devel.
Ian.
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
|
|