
Re: [Xen-devel] Possible improvement to Xen Security Response Process



>>> On 12.12.16 at 18:11, <matthew.allen@xxxxxxxxxx> wrote:
> I'll join in the bunfight with a stronger proposal (noting in passing
> that according to https://xenbits.xen.org/xsa/ we are now expecting 5
> consecutive weeks of XSA announcements):
> 1) Where practical, XSA public disclosures will be batched and announced
> once per month.
> 2) The calendar of disclosure dates will be published well in advance
> and will avoid Fridays, weekends, or dates on or immediately before
> widely respected public holidays.
> 3) Issues will normally have at least 14 days pre-disclosure; this means
> that an issue discovered immediately prior to a scheduled publication
> date will normally not be disclosed until the next publication date.

Hmm - this means 6 weeks of latency in the worst case. I don't
think that's reasonable.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 

