[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217

On Mon, 2012-07-02 at 16:17 +0100, Alan Cox wrote:
> > I think the default of accepting the disclosers position is a good one.
> > We want to encourage people to report such bugs to us and taking control
> > away from them is a good way to discourage them.
> You do need a standard answer for when they don't.


> > This is probably better, but also ties into the question of public
> > holidays in various territories. i.e. business day where...
> On a global basis you can't win. Saturday/Sunday are out, a chunk of the
> middle of summer the French are all away, then Chinese have golden week
> and so on and by the time you've blocked them all in your calendar is
> basically full.
> It's a global community so the counterpoint is that while someone is
> always on holiday, someone else is always at work.

This is true. Perhaps rather than consider all consumers we just need to
give consideration to those actually involved in creating / sending out
the advisory i.e. the security@ team since having one of them be away at
a critical juncture can throw a bit of a spanner into the works.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.