This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-devel] Re: Security vulnerability process - last call

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] Re: Security vulnerability process - last call
From: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Date: Tue, 19 Jul 2011 12:07:46 +0100
Delivery-date: Tue, 19 Jul 2011 04:10:47 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <19998.52380.356516.189861@xxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <19998.52380.356516.189861@xxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
I wrote:
> We received some comments and based on that I have prepared a new
> final draft.  The changes ought not to be controversial.
> Please send any final comments by the 28th of July (14 days from
> now).  Unless there are objections, we will regard the process as
> formally in force from that date.
>    Public advisories will be posted to xen-devel.

We should send these also to some more general list.  So we should
probably post them oss-security [0].

And we should document in the process that we will CC the MITRE CVE
contact address with public advisories to try to make sure that the
MITRE database is updated.


[0] http://oss-security.openwall.org/wiki/mailing-lists/oss-security

Xen-devel mailing list

<Prev in Thread] Current Thread [Next in Thread>