Xen project Mailing List

Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217

From: Ian Campbell <Ian.Campbell@xxxxxxxxxx>

Date: Mon, 2 Jul 2012 16:20:47 +0100

Cc: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>

Delivery-date: Mon, 02 Jul 2012 15:21:09 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Mon, 2012-07-02 at 16:17 +0100, Alan Cox wrote: > > I think the default of accepting the disclosers position is a good one. > > We want to encourage people to report such bugs to us and taking control > > away from them is a good way to discourage them. > > You do need a standard answer for when they don't. Agreed. > > This is probably better, but also ties into the question of public > > holidays in various territories. i.e. business day where... > > On a global basis you can't win. Saturday/Sunday are out, a chunk of the > middle of summer the French are all away, then Chinese have golden week > and so on and by the time you've blocked them all in your calendar is > basically full. > > It's a global community so the counterpoint is that while someone is > always on holiday, someone else is always at work. This is true. Perhaps rather than consider all consumers we just need to give consideration to those actually involved in creating / sending out the advisory i.e. the security@ team since having one of them be away at a critical juncture can throw a bit of a spanner into the works. Ian. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.