Xen project Mailing List

[Xen-devel] [RFC PATCH] Make Security Policy Doc ready to become a CNA

To: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "committers@xxxxxxxxxxxxxx" <committers@xxxxxxxxxxxxxx>, "security@xxxxxxxxxxxxxx" <security@xxxxxxxxxxxxxx>

From: Lars Kurth <lars.kurth@xxxxxxxxxx>

Date: Mon, 19 Mar 2018 16:37:42 +0000

Accept-language: en-GB, en-US

Delivery-date: Mon, 19 Mar 2018 16:58:58 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHTv6CZDwulrs/yNkKStKVgJQINfQ==

Thread-topic: [RFC PATCH] Make Security Policy Doc ready to become a CNA

And this time with patch: note to myself - never try sendmail with --compose again (-; This patch contains a proposal to change https://xenproject.org/security-policy.html such that it points to SUPPORT.md. Having scope and process information is necessary to become a CNA. This is the last piece, before formally asking to become a CNA. To make the review of this easier, I based it on xenbits:/larsk/governance.git (contains the pandoc as published today and the html) Regards Lars --- [PATCH] Make Security Policy Doc ready to become a CNA To become a CNA, we need to more clearly specifiy the scope of security support. This change updates the document and points to SUPPORT.md and pages generated from SUPPORT.md Expected changes: - Resend once the URL that is currently open has been agreed with Ian Jackson Signed-off-by: Lars Kurth <lars.kurth@xxxxxxxxxx> --- security-policy.pandoc | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/security-policy.pandoc b/security-policy.pandoc index 5783183..22e274b 100644 --- a/security-policy.pandoc +++ b/security-policy.pandoc @@ -19,6 +19,14 @@ Scope of this process This process primarily covers the [Xen Hypervisor Project](index.php?option=com_content&view=article&id=82:xen-hypervisor&catid=80:developers&Itemid=484). +Specific information about features with security support can be found in + +1. [SUPPORT.md](http://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=SUPPORT.md) + in the releases' tar ball and its xen.git tree and on + [web pages generated from the SUPPORT.md file](add URL) +2. For releases that do not contain SUPPORT.md, this information can be found + pm the [Release Feature wiki page](https://wiki.xenproject.org/wiki/Xen_Project_Release_Features) + Vulnerabilties reported against other Xen Project teams will be handled on a best effort basis by the relevant Project Lead together with the Security Response Team. @@ -401,7 +409,7 @@ Change History -------------- <div class="box-note"> - +- **v3.18 March 19th 2017:** Added reference to SUPPORT.md - **v3.17 July 20th 2017:** Added Zynstra - **v3.16 April 21st 2017:** Added HostPapa - **v3.15 March 21st 2017:** Added CloudVPS (Feb 13) and BitDefender SRL -- 2.13.0 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.