WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Home

xen-devel

[Top] [All Lists]

[Xen-devel] Re: Security vulnerability process - last call

from [Ian Jackson]

[Permanent Link][Original]

To:	xen-devel@xxxxxxxxxxxxxxxxxxx
Subject:	[Xen-devel] Re: Security vulnerability process - last call
From:	Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Date:	Tue, 19 Jul 2011 12:07:46 +0100
Delivery-date:	Tue, 19 Jul 2011 04:10:47 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<19998.52380.356516.189861@xxxxxxxxxxxxxxxxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References:	<19998.52380.356516.189861@xxxxxxxxxxxxxxxxxxxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

I wrote:
> We received some comments and based on that I have prepared a new
> final draft.  The changes ought not to be controversial.
> 
> Please send any final comments by the 28th of July (14 days from
> now).  Unless there are objections, we will regard the process as
> formally in force from that date.
...
>    Public advisories will be posted to xen-devel.

We should send these also to some more general list.  So we should
probably post them oss-security [0].

And we should document in the process that we will CC the MITRE CVE
contact address with public advisories to try to make sure that the
MITRE database is updated.

Ian.

[0] http://oss-security.openwall.org/wiki/mailing-lists/oss-security

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-devel] Security vulnerability process - last call, Ian Jackson [Xen-devel] Re: Security vulnerability process - last call, Ian Jackson <= [Xen-devel] Re: Security vulnerability process - last call, Eugene Teo Re: [Xen-devel] Re: Security vulnerability process - last call, Ian Campbell

Previous by Date:	Re: [Xen-devel] Re: Upstream QEMU and Xen unstable not working, Stefano Stabellini
Next by Date:	[Xen-devel] Re: [xen-4.1-testing test] 8140: regressions - FAIL, Ian Jackson
Previous by Thread:	[Xen-devel] Security vulnerability process - last call, Ian Jackson
Next by Thread:	[Xen-devel] Re: Security vulnerability process - last call, Eugene Teo
Indexes:	[Date] [Thread] [Top] [All Lists]

This site is hosted by Citrix