[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [DRAFT] Coverity Access Policy

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
From: Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Date: Mon, 23 Sep 2013 15:42:09 +0100
Cc: Lars Kurth <lars.kurth@xxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Mon, 23 Sep 2013 14:42:24 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Mon, 2013-09-23 at 15:32 +0100, Andrew Cooper wrote:
> >  * agree to not disclose any issue discovered other than to the
> >    security team, unless this has been approved by the security team.
> 
> To help facilitate this, would it be sensible to have a separate mailing
> list @xenproject.org containing the approved coverity members?  Already,
> there have been several cases where I have requested a second opinion,
> or just as simple discussion about .  At the moment it is fine cc'ing
> security@xen and two other email addresses, but as more members join,
> this will get untenable.

That's certainly something to consider.

On a related not we should do as we do for the predisclosure list and
list the members and the affiliations publicly I suppose.

Ian.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [DRAFT] Coverity Access Policy
  - From: Ian Campbell
- Re: [Xen-devel] [DRAFT] Coverity Access Policy
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] [DRAFT] Coverity Access Policy
Next by Date: [Xen-devel] Usb passthrough with upstream qemu question
Previous by thread: Re: [Xen-devel] [DRAFT] Coverity Access Policy
Next by thread: Re: [Xen-devel] [DRAFT] Coverity Access Policy
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.