[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [Final Community Review] Xen Security Problem Response Process v2

Dear Community Members,

In the last update about the security problem response process changes (http://blog.xen.org/index.php/2012/12/17/security-disclosure-process-discussion-update), we promised a vote in mid-January. Near the end of the window, some additional changes were proposed, and we were somewhat sidetracked with launching Xen as a Linux Foundation Collaborative Project.

As this process impacts many Xen users, we feel that it is prudent to run through a final week of community review (closing on Monday May 20th).

The proposal can be found at

Significant changes to the document are:
- Expand eligibility of who can join the predisclosure list
- Clarify definitions of who can join the predisclosure list
- Clarify information that needs to be supplied when joining the predisclosure list
- Change e-mail alias to security@xenproject

Review comments are to be posted in response to this thread (on xen-devel and xen-users). Please do not revisit arguments, which have been made at length in previous discussions. Hopefully, we got this right now and can move forward with a formal vote in the last week of May and get the new process implemented.

Best Regards

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.