WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Xen-devel] New Email Account for Security

from [Ian Jackson] [Permanent Link][Original]
To: "James Harper" <james.harper@xxxxxxxxxxxxxxxx>
Subject: RE: [Xen-devel] New Email Account for Security
From: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Date: Tue, 6 May 2008 18:26:12 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, Stephen Spector <stephen.spector@xxxxxxxxxx>
Delivery-date: Tue, 06 May 2008 10:26:50 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <AEC6C66638C05B468B556EA548C1A77D013DC6C4@trantor>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Newsgroups: chiark.mail.xen.devel
References: <E3ADFAD82A5FE147AEF0C82912BC00200388A697@xxxxxxxxxxxxxxxxxxxxxx> <AEC6C66638C05B468B556EA548C1A77D013DC6C4@trantor>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
James Harper writes ("RE: [Xen-devel] New Email Account for Security"):
> Is there a reason why this shouldn't just be another mailing list? Or
> maybe I don't understand the purpose...

The purpose is to provide a point of contact for someone who thinks
they have found a security problem (ie, a security bug) in Xen and
would like to contact someone in confidence about it.  A bit like
vendor-sec but Xen-specific.

The list or alias (it doesn't really matter how it's implemented)
needs to have approval on subscriptions so that the confidentiality
can be maintained but the main Xen vendors should have no problem
getting onto it.  Given that, and the smallish size, running it as an
alias seems reasonable.

Just to be clear, it's not a list for general discussion of security
in Xen or possible new security functionality or TPM development or
anything of that kind.  It's just for vulnerability reports.

Reporters who prefer immediate full disclosure, rather than
`responsible disclosure' to a group of vendors, can continue to use
xen-devel.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Xen-devel] Time went backwards errors booting unstable cs 17557with 64GB memory, Carb, Brian A
Next by Date:  Re: [Xen-devel] [RFC] PVFB: Add refresh period to XenStore parameters?, Samuel Thibault
Previous by Thread:  RE: [Xen-devel] New Email Account for Security, James Harper
Next by Thread:  [Xen-devel] issues adding a small hypercall to Xen, Mohapatra, Hemant
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy