
Re: [Xen-devel] Security vulnerability process - confirmed



Hello Ian,

Monday, December 12, 2011, 5:37:46 PM, you wrote:

> It's time we made this policy official.  There was only one change to
> make during "last call" discussion, and with that I think we have
> consensus.

> Changes from the final draft:

>   * Increase the standard embargo period from one week to two,
>     as discussed in the last call.

> The final version, below, will go on the xen.org website shortly.

> Thanks,
> Ian.

>             xen.org security problem response process
>             -----------------------------------------

<big snip>

> 3. Advisory public release:

>    At the embargo date we will publish the advisory, and push
>    bugfix changesets to public revision control trees.

>    Public advisories will be posted to xen-devel.

>    Copies will also be sent to the pre-disclosure list, unless
>    the advisory was already sent there previously during the embargo
>    period and has not been updated since.


Shouldn't this include at least xen-users and xen-announce, and perhaps a
special read-only list for security advisories?

<big snip>


--
Sander


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 

