Re: [Xen-devel] Impact of HW vulnerabilities & Implications on Security Vulnerability Process
> On 8 Sep 2016, at 12:12, Ian Jackson <ian.jackson@xxxxxxxxxxxxx> wrote:
>
> George Dunlap writes ("Re: Impact of HW vulnerabilities & Implications on
> Security Vulnerability Process"):
>> What's the conclusion here -- are you inclined to say that we shouldn't
>> issue an XSA, but perhaps do some other sort of announcement?
>
> I would like us to _either_ issue an XSA or some other sort of
> announcement.
xen-announce@ and XSAs go to the same group of people: with the exception that xen-announce@ may not cover all people on the pre-disclosure list and we may not hit the people who poll http://xenbits.xen.org/xsa/
I would prefer not to use an XSA, as I laid out before.
It seems that Ian has a slight preference not to be constrained by the XSA format.
Using xen-announce@ allows us to set up more context (e.g. including to some of the related studies covering other hypervisors, ...). Secondly, xen-announce@ is less formal and thus the risk that the media will pick it up is significantly lower.
But I also think that this should contain some practical and useful advice.
Regards
Lars
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel