[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217

On Tue, 3 Jul 2012, George Dunlap wrote:
> That said, it still introduces unfairness

Considering that the members of the security disclosure list are public
(http://www.xen.org/projects/security_vulnerability_process.html) and
considering that some of them are service providers, if I am a costumer,
why would I ever choose a provider that is not in that list?

Having that list on the website is like writing: "please choose one of
the providers in the list below as they have a better security

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.