[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217

To: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
From: John Haxby <john.haxby@xxxxxxxxxx>
Date: Fri, 06 Jul 2012 15:36:59 +0100
Cc: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Lars Kurth <lars.kurth@xxxxxxx>, Matt Wilson <msw@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Fri, 06 Jul 2012 14:37:39 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 04/07/12 16:09, Stefano Stabellini wrote:
>>> > > In practice, given the terms of the GPL, we cannot restrict anybody on
>>> > > the list from releasing the source of the fix before the embargo ends.
>> > 
>> > Of course. It's an agreement between the list members to not
>> > disclose anything.
> Yes, but an agreement that cannot be legally enforced.

I don't see that that is an issue.

Taking linux-distros as an example, an embargo date cannot be enforced
as there is no legal framework in which to enforce it.   Everyone
involved agrees to respect the embargo dates.   If an individual or
organisation repeatedly flaunted the embargo dates they would likely
find themselves removed from the list although, to my knowledge, this
has not happened.

For the list to work, the members need to cooperate: it is in their own
interest to cooperate, legal frameworks aren't required.

jch

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217
  - From: Matt Wilson
- Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217
  - From: Stefano Stabellini
- Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217
  - From: George Dunlap
- Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217
  - From: Jan Beulich
- Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217
  - From: George Dunlap
- Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217
  - From: Stefano Stabellini
- Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217
  - From: Jan Beulich
- Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217
  - From: Stefano Stabellini

Prev by Date: Re: [Xen-devel] [PATCH 08 of 10 v3] libxl: enable automatic placement of guests on NUMA nodes
Next by Date: Re: [Xen-devel] [PATCH 10 of 10 v3] Some automatic NUMA placement documentation
Previous by thread: Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217
Next by thread: Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.