From predisclosure-applications-bounces@lists.xenproject.org Fri Jan 03 11:01:58 2020
Return-path: <predisclosure-applications-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xenproject.org
Delivery-date: Fri, 03 Jan 2020 11:01:58 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.89)
	(envelope-from <predisclosure-applications-bounces@lists.xenproject.org>)
	id 1inKiL-00014i-Bl; Fri, 03 Jan 2020 11:01:57 +0000
Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]
 helo=us1-amaz-eas2.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.89)
 (envelope-from <SRS0=iADc=2X=freedom.press=jen@srs-us1.protection.inumbo.net>)
 id 1in8ZD-0005ls-Hg
 for predisclosure-applications@lists.xenproject.org;
 Thu, 02 Jan 2020 22:03:43 +0000
X-Inumbo-ID: bcc42864-2dab-11ea-a3e0-12813bfff9fa
Received: from npomail1.electricembers.net (unknown [208.90.215.73])
 by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS
 id bcc42864-2dab-11ea-a3e0-12813bfff9fa;
 Thu, 02 Jan 2020 22:03:42 +0000 (UTC)
Received: from private by npomail1.electricembers.net;
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=freedom.press; s=mail;
 t=1578002621; bh=VCr8YEExh5F2z6vYXfuma9z6rR3qzcoaCGefwgfS1PE=;
 l=10000; h=From:To:Subject:MIME-Version:Content-Type;
 b=QeuODZjvQDEK7XeBgEcxtpy1QF+lZxaOHJHTJR+lWWkeTubpsnwpQzHoMU4b5O/7B
 4JBVqIn1Txy9Ki5B5IdIwCg3uSkrFszrL5cYF5GVX/en9Ti7sdc5wwMdKrYgz9kHiv
 M7RC66bwhU9VbUiKX9qVefTP9UDIQ/csrYUGF5MpKAL0FrN07fxZHEBftkSO21z99K
 fGy7scppLwfHhcskBjsdXXlmRq+ozoOf1q6rVx3ED0MOBELPBvxtbPL6+mBzTixFPx
 Xpz8rMPrFDaKwa2ijUX7ZTnZSWa9u/JMAfwzYZqXf08qVS5SfG2xqbU4DA+CL2JWQr
 0bz8XHnYvT+Qw==
From: Jennifer Helsby <jen@freedom.press>
Openpgp: preference=signencrypt
Autocrypt: addr=jen@freedom.press; prefer-encrypt=mutual; keydata=
 mQINBFeRulQBEADjusVDkRxz1fT3rYRfj0Ktlvh3SeqKC3OjUFDI9/morqPDXCxCVm9dWvRJ
 qQnGWix+7cBwp2d96CoJrchxXojNLPgZ57C0EtXNu1i3SMYrppSD6hT/ZdGlHUONgVO4rfV5
 gOvKHPhiWf+omD72VtfiTV3W2KG2l6v/IRP+kjcKj09A9PqlO49eK95cP3ErzbnGWR9UNA0r
 RDgf9nX0RlQXgTTY9dMCdD2HOUPXVUnetenokvuBC3B42l2LkTx76poKcyxf3LsAY6D7e4GU
 NXhsW65Maj0KM49dtDcMh7bP7fLYcxBj3mx+Y5xpzgzqUqYjEV6ytxLCTYdEgV3W3+9pPzDH
 UVk0FTZcfpRVJEF1a0yIkO9lZzxF3KojW8ZV1srLpeXiyhzaKqR326lx+ek9gKktfwiioWKb
 5IWbGGCgncXP9QS4xkIZqJufY4cVULTyDC4/AG4Rxlp1+10OzoMhI4CAyq0tVYXtfpN4Qagw
 ZJstqZWFu/1W7EVr1cU4TMYkMwh95mOZi5rkq8gr449SzGC8xYL57BBFss3PTwmY/RKVQcXo
 DByOe/uVhDj7KvuEUh/bh4NOhEGIs7m647PTaKrmm9l6wvADhUQrvIyE39Jw9WwE/vznr4s6
 kLjFv7zGE7jh9WHkC7mcf+9dqR80XjoKaOqHWtxGoxcNPa0VJQARAQABtCNKZW5uaWZlciBI
 ZWxzYnkgPGplbkBmcmVlZG9tLnByZXNzPokCNwQTAQoAIQUCV5G6VAIbAQULCQgHAwUVCgkI
 CwUWAgMBAAIeAQIXgAAKCRDaBbfFKrrzNEKRD/9u1EmsircQzCy92F81aX2Ptu9II40Z1pbA
 4qryP8tQTM4biMy1ayjpiFjovYZa+vrZ0hVTSuin5ZQ0dI73tBCi5FSycsowXALvEIeApuVX
 JKaC/7gnO4QNFhDHiW+M4kORllFgtex6IuSOzcUIT+oqGHS8eB8cl1N9lLOMU5/PCo50IoU9
 WrrmF0f9EKhlkD5snDQy20gc+J+ukUg7cNpSPVaFAXZs/0CIvvuMv3tp2/VqlF5x1xW7Q8I5
 JUAnPSyQ4pWOlnfbEwsIjyagDicV940iOxTL8vq92vKLFOw/EmNYUs89ebH3WNfhYAWiMtOL
 o0hgc1qNsCPdovASZ0skBGMzmT+Nvfgb4VYuLMl5/tm9etgcdv+hb8Oo6zxUwQLETKiPiWkZ
 tzUEczMAw8pz0j4h2Y2K6+ryXJTbqcwwZY2DoYwrENWkd+TdPHYgvinPplmiHH7wcl7oKoy5
 oGw7knwkgB7jO7F2R7qUhPg1I0E+fiXCwStTJ0yeXqoNvKwXW22460Tjs3vl21hZo6sr8hF8
 2xZdfbzprwejJ2T1pJbya6YT+nv4fH1p1wc8ooeOgWKjVWtCig6wojSiKQ4AjKa4RVL9/8gX
 q+5u7NSxUxOMqfTNWbxR3GDBZjxBA/o1XLIxnRAlfwD8c3UrhRC77P6HrP5wSYZF+/i5ZJds
 O7kCDQRXkbr/ARAAl+R3VpHh3Q5v6Bf8ZP6zLS693A0AseJPPo4wwCOfCvRZWLIVgrdkHuK3
 vSjafLSsL1m67FUb6AXHmE4YWEp/gr0mj25JSSMCegXfh+wbyhKzmzZL6uiUKuJug8uIBZRp
 uDTAfV34ssZ0CL8aHsntb/RFydANimOV+qLwV/HS4NEPVicnmYkyOhvJ2xZq7VHiTm6lwjyZ
 KxcFeOvWIrrKmc4fHQYyiEExH7xaBTDOSmlXTY5Ae5waA1/tS5SV3UixoRiHb6giUusIJsDV
 4PHnyAYiuBlk7tjP9yAHXyvGPA6XO9TBWuycRqgZ1Tm06prB460RpNEd9EY4Vr8Bugs6YMbu
 ldxJwOL5n46l0PdaMhrBNyJPwt4p5cxcm8f4kt8QvLh/t/Jh2oU2gaNuIoQXl1NUBdwcMoDb
 owuEIUFk1IecQt8v38INFHWJ0r7VrJzreG0OWcUSwxGPe4FOkdmwNgmRCCLC74ThGegXVJNw
 njqk3Ean8bPcOROmMyEHEJ8j+wxkTMfQtCcw4CQlFDcNjMrGV6iBncI0y2Fjg5TvkpC0rqSQ
 o+PgfcSppXIY9TedfjphhVihM7isMg9icjEs++kSvaM5ajzHbOEZe0J3lAv5L9bxZR38zzF7
 H8ofFQRPG6zzIE+X/XRBl5pIRz8ERQaSuwyquE5HlFWXjX7R5L0AEQEAAYkCJQQYAQoADwIb
 DAUCXTdcpgUJC0k8IwAKCRDaBbfFKrrzNGnHD/95czk6B5qeR8+KrR5AVrSUk7tBorrXK4ze
 0Gr30cAPmLtBjsWBbPuHZFXpzijCoVrRCNBmlMb0p7PJudh90Voi+Ggse80WeXsYu2bjDCFv
 cTmaFXgA8gGZ0pnMOnz8ltc7tsZrPiQw457zQO97v18h02Ka5JkZNo/BbfN5fRuVU3T14GR4
 ELg4tRFVACejyjWsn+pwN5w2s0cbu3KUBvySoFSo4CATmIiXCmoUtHAc9/pBebzSo40dxcSY
 v3kpCx/F4OXpai2YECeUXA6TlOlVhVm7joX00FThQgi728h3rdit4CXSlaz/I4WxXvSzgDe3
 kiFxN+/2w2ZQafcjdkuuiQ2yeJPQds/SvNPbbvEnBM9aF2Rqt/IYKsGKPg8QuEvOFfhyzFa1
 7ybngTGaLta4MNj1FOWSEvjxLTVXiuRBamM9IL0wmfec5KUhJU/IN/+URUeW0W+lQ6m1+M4s
 D2mx0hvEYe8lx3o4lks6Bbm/dWqnUwdsA2cWn0R9dnMt7b8b997XaRXy528eQ3XnBEs+sMVm
 pX4q1eiibur6OZ2zM8au29Naea5+1Y0AgJQRV8eYVwgYmRdjHMyVDCJsdnDp8C+1iZReZclu
 aKSWP2olYdn5v0OclneI5iN67mANUY+STQS5H/TNtQyhbHkGnszyzkjKygVIgWw/J9GJ/5w3
 SLkCDQRXkbqoARAAvguQQmy0DyZOmZXfFYNfMm95bPPZOUpvvjBARrh2IGPlMl3xtserNMje
 lFYkkRRsACtxqRxq3TTSJpKI0vvpNLLpqN6shwNUQ3qz2yIAvW+aEKVi7HLOWv71JSQVbmlk
 Zk3UghGP/0iIfurB8m8QmP97oOdsWBiRTr9Wp5tYUjUz/QlNOt3sIYTBE2wnu2f/ivpyRTUm
 LuNr0rbvSsCu/i1CPul9vj01YOXBpIUeQlCMK1uyOwPvEOcaRxeYICOVginEY6UDUMNRJZth
 M8+vEVAdWCqbI1CLWF6PbWshhhyqbuVXmZWOPcVzQfW7k+bsysaAteTu8QFCJT9Y5wG8QM+D
 0IS+I7ChKmKN2VrAlHr4irKwvxhWVOIXaIZr1GLw8bGWUTwjZOi/R+8V+WCRCwlRcR72Kklm
 8JyBCGoeA9ML+tS9AHl/c9JIdlsTvGMsMaMPV41rhta8jx0z+OlpnytRbcmtUFYrfLGfOScs
 +v2BFrYr45DZVB2vvooRBRF9qPq8EsSFHauxoibWjamc0mHH4DEG0yVwuHh4bJLi3pUAAl1d
 +p8YyJoQhPjRrrNSjWJBJw7YbgH785EeU2JwMtGohhMDNxMwt61fYxS7Nj2yjjyD9fBJLOBQ
 5JztwT1AdAgWIjqRHpaPt5rxWUj8QuCIbrIK0B6sMLfYqQHA7v0AEQEAAYkERAQYAQoADwIb
 AgUCXTdcvAUJC0k8kAIpwV0gBBkBCgAGBQJXkbqoAAoJELB+gGVqzZUBKvkP/Rxa9NSIlw/l
 6tRfaymO2jynqJe850gSGWBVnxVWiNGw8PhlqfStJdROIwOQ77axdpRVD3b28QL6Xy1hFD2S
 9QpZ+4HnnNrLHKvkVOe3+9+0RBNEpNpnloeMqT3QqEqEP4U8EAOXTbzI6lZSAOJk4mO/E8rL
 IBq9MzrHmOuwbk6Zg7qudHNWuhCT4ab01ue2CR5tSZf0eQwVsRhVz0ZIRRceFMHtNf2hUHOx
 Z8HtaKnQXqRTQXV+IA5vPnBfwFih+ZvRCvsqNFOrFk/oU3KhQ2Xy3bO4T4okiMXf6ax1+cEN
 92j9h8Z5KFDWl7IEtWYLDRZNv10IWpN7T0USDthreD9SlP6iK91Vie+f22lF8o6/jbPL+B/r
 KIvBCwfz6AlKNGlOyMvCCTk7dAZSiq55CNSLgoRh/r3WxgfAJ3A0ivTclwnIqFuskHdRB8we
 UaPdZ0fEHbwuMW4K5SoDzRVaadZqzOcwlugCasqYQ3ZmQQBkUcIxc1tJWnyDm252lFiPmxmA
 3HZDbBZ58fIQ/SkDyIjHikfUhcqVsxXpFAKRxkIsNfTzCueWg1boBM1scmOPrv7nTF8MNLeD
 7/ID1IqRXjL8+ea0cTo0qV4nCK3VrlKdv+clipHxXc2a7yLIelVkrwMEFgD9cFAt3tNs1j6O
 Pvs3dLypqg7h9miSrsBJJYOeCRDaBbfFKrrzNF1FD/9iBieWFr8lRd3XFFfHwCiPUCoEGCkl
 u3edHj2CRjkwTntdkquGlpNwF+nz1IpWKgCkRfKIBIDmwrCZLTJ9YfTV1aS/8HLS5V78hbMl
 VpcsEaPVf9HblGjcIIf0QiIdLe9abw7wGrJkZXEGU4ebDP++eVijEgTQyVDCUPe4FpvPZ2Ql
 jOCwjQ1esCgXyx5trWlKICd/qLQaJEkZlV1oytfNFAdhHPket3SsD9X6nis772mC6AIDTpNs
 tLc36GVPGJu8aXQTy+WC+ZCaaCcU1ieEQ74Hrb7IjwVh7WIhkgn4+aDx91YDWPYNIPhAuPAX
 uAI9gFtm67+Z3qaYLkVaTJEg0BRkmGVS3W+JpycMl2aYtNBL3XACx+83qyNdqlg3FuI3FJSL
 KI/CA+tCNlTvjLIyshj6q2BUUS4XoWMigQ/79wqM1RZ1ZFjTk4LRWd3GJI5KWSSdNb2MqL7l
 MZZRpQYdJTB/ndc84zVk6M8qoSJtz5o3GCrniBabmrrWqcxcfxJv201c7GIo4mSbLiOgWYdy
 sx1AFaR5F98fdv2mNE6CrMgtM1wV4oRu0P3rD1/RrZ9T/xhiUc2dg3rgQMUCJMVibNVurRFN
 oCf1T0JsTTrO8A/xuyesgTXQFMcL21LYSr1JBSOCZbrAegVcp96Z8Ip3YBARPXEkgbFk0kjW
 6FGVFg==
To: predisclosure-applications@lists.xenproject.org
Message-ID: <c65b7d83-ec94-8deb-9dda-18f98ee56240@freedom.press>
Date: Thu, 2 Jan 2020 17:03:31 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0)
 Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
X-Mailman-Approved-At: Fri, 03 Jan 2020 11:01:57 +0000
Subject: [Predisclosure-applications] SecureDrop / Freedom of the Press
 Foundation request
X-BeenThere: predisclosure-applications@lists.xenproject.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Applications for membership of Xen Security Advisories Pre-disclosure
 List <predisclosure-applications.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/predisclosure-applications>, 
 <mailto:predisclosure-applications-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:predisclosure-applications@lists.xenproject.org>
List-Help: <mailto:predisclosure-applications-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/predisclosure-applications>, 
 <mailto:predisclosure-applications-request@lists.xenproject.org?subject=subscribe>
Cc: security@freedom.press
Content-Type: multipart/mixed; boundary="===============6734818444329776457=="
Errors-To: predisclosure-applications-bounces@lists.xenproject.org
Sender: "Predisclosure-applications"
 <predisclosure-applications-bounces@lists.xenproject.org>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============6734818444329776457==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="ztFNEu9xBFsLCov9VYVmg3Qf46ORqu9lE"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--ztFNEu9xBFsLCov9VYVmg3Qf46ORqu9lE
Content-Type: multipart/mixed; boundary="mMWyDNkyIbyQcCXOMY7KBXHZYvR18tTXH";
 protected-headers="v1"
From: Jennifer Helsby <jen@freedom.press>
To: predisclosure-applications@lists.xenproject.org
Cc: security@freedom.press
Message-ID: <c65b7d83-ec94-8deb-9dda-18f98ee56240@freedom.press>
Subject: SecureDrop / Freedom of the Press Foundation request

--mMWyDNkyIbyQcCXOMY7KBXHZYvR18tTXH
Content-Type: multipart/alternative;
 boundary="------------64E18C3B239CB4395594038F"
Content-Language: en-US

This is a multi-part message in MIME format.
--------------64E18C3B239CB4395594038F
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

**

    **

**

*Hello list members, SecureDrop / Freedom of the Press Foundation would
like to apply to join the Xen pre-disclosure list. ***As background, Secu=
reDrop is a whistleblowing platform used by dozens
of news organizations including the Washington Post and the New York
Times to accept and triage tips from journalistic sources. It is
currently supported by Freedom of the Press Foundation.* > The name of
your organization: Freedom of the Press Foundation **> Domain name(s) whi=
ch you use to provide Xen software/services:
https://securedrop.org, https://freedom.press **> A brief description of =
why you fit the criteria**: The SecureDrop Workstation ***(https://github=
=2Ecom/freedomofpress/securedrop-workstation/)* is a
product used by journalists at news organizations which relies on the
security and isolation properties of the Xen hypervisor (via QubesOS)
for opening potentially malicious documents submitted to the tipline in
order to protect other submissions and sensitive information on
journalist workstations. **> If not all of your products/services use Xen=
, a list of (some of)
your products/services (or categories thereof) which do.*
**
*Only the SecureDrop workstation is based on Xen via QubesOS
(https://qubes-os.org).*
**
*> Link(s) to current public web pages, belonging to your organisation,
for each of following pieces of information: **> Evidence of your status =
as a service/software provider: **Freedom of the Press Foundation develop=
s and maintains several open
source projects such as SecureDrop and the SecureDrop workstation. You
can see the main text on https://securedrop.org and
https://freedom.press as evidence of this. In addition, news
organizations that wish to contract with us for paid support services
can do so here: **https://securedrop.org/help/. **> If you are a public h=
osting provider, your public rates or how to get
a quote: **N/A **> If you are a software provider, how your software can =
be downloaded
or purchased:**Download and install QubesOS (https://qubes-os.org) and in=
stall the
SecureDrop workstation following the documentation in the README at:
https://github.com/freedomofpress/securedrop-workstation/*
**
*> If you are an open-source project, a mailing list archive and/or
version control repository, with active development: =C2=A0*
*https://github.com/freedomofpress/securedrop/*
*https://github.com/freedomofpress/securedrop-workstation*
**
*> Evidence of your status as a user/distributor of Xen:**> Statements ab=
out, or descriptions of, your eligible production
services or released software, from which it is immediately evident that
they use Xen. **The workstation at
https://github.com/freedomofpress/securedrop-workstation requires the
use of Qubes/Xen. **> Information about your handling of security problem=
s: **> Your invitation to members of the public, who discover security
problems with your products/services, to report them in confidence to you=
; **We invite reports via: **https://github.com/freedomofpress/securedrop=
-workstation/blob/master/SECURITY.md*
*https://github.com/freedomofpress/securedrop/blob/develop/SECURITY.md*
**
*> Specifically, the contact information (email addresses or other
contact instructions) which such a member of the public should use. **We =
receive security reports at**: security@freedom.press **We have a public =
security bug bounty program at:
https://bugcrowd.com/freedomofpress We publish security advisories at:
https://securedrop.org/news/security-advisory/ We have read the policy
and agree to abide by the terms for inclusion in this list, including
the embargo. > The single (non-personal) email alias you wish added to
the predisclosure list. security@freedom.press ***Please let me know if a=
ny additional information is required.=20

Best,

Jennifer Helsby

--=20
Jennifer Helsby, Ph.D.
SecureDrop Lead Developer
Freedom of the Press Foundation
<jen@freedom.press>
GnuPG: F48E CC56 4980 83F1 80DF F943 DA05 B7C5 2ABA F334


--------------64E18C3B239CB4395594038F
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html>
  <head>

    <meta http-equiv=3D"content-type" content=3D"text/html; charset=3DUTF=
-8">
  </head>
  <body text=3D"#000000" bgcolor=3D"#FFFFFF">
    <p><b style=3D"font-weight:normal;"
        id=3D"docs-internal-guid-80ed4811-7fff-28ec-f1fe-f994abe934b4">
        <ul style=3D"margin-top:0;margin-bottom:0;">
        </ul>
      </b></p>
    <pre class=3D"moz-signature" cols=3D"72"><b style=3D"font-weight:norm=
al;" id=3D"docs-internal-guid-5ffe8f82-7fff-b7db-8cd7-868ee3a8ac2f">Hello=
 list members,

SecureDrop / Freedom of the Press Foundation would like to apply to join =
the Xen pre-disclosure list.

</b><b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7f=
ff-b7db-8cd7-868ee3a8ac2f"><b style=3D"font-weight:normal;" id=3D"docs-in=
ternal-guid-5ffe8f82-7fff-b7db-8cd7-868ee3a8ac2f">As background, SecureDr=
op is a whistleblowing platform used by dozens of news organizations incl=
uding the Washington Post and the
New York Times to accept and triage tips from journalistic sources. It is=
 currently supported by Freedom of the Press Foundation.</b>

&gt; The name of your organization:=20
Freedom of the Press Foundation

</b><b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7f=
ff-b7db-8cd7-868ee3a8ac2f">&gt; Domain name(s) which you use to provide X=
en software/services:=20
<a class=3D"moz-txt-link-freetext" href=3D"https://securedrop.org">https:=
//securedrop.org</a>, <a class=3D"moz-txt-link-freetext" href=3D"https://=
freedom.press">https://freedom.press</a>=20

</b><b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7f=
ff-b7db-8cd7-868ee3a8ac2f">&gt; A brief description of why you fit the cr=
iteria</b><b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8=
f82-7fff-b7db-8cd7-868ee3a8ac2f">:=20

The SecureDrop Workstation </b><b style=3D"font-weight:normal;" id=3D"doc=
s-internal-guid-5ffe8f82-7fff-b7db-8cd7-868ee3a8ac2f"><b style=3D"font-we=
ight:normal;" id=3D"docs-internal-guid-5ffe8f82-7fff-b7db-8cd7-868ee3a8ac=
2f">(<a class=3D"moz-txt-link-freetext" href=3D"https://github.com/freedo=
mofpress/securedrop-workstation/">https://github.com/freedomofpress/secur=
edrop-workstation/</a>)</b> is a product used by
journalists at news organizations which relies on the security and isolat=
ion properties of the Xen hypervisor (via QubesOS)
for opening potentially malicious documents submitted to the tipline in o=
rder to protect other submissions and sensitive
information on journalist workstations.

</b><b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7f=
ff-b7db-8cd7-868ee3a8ac2f">&gt; If not all of your products/services use =
Xen, a list of (some of) your products/services (or categories thereof) w=
hich do.</b>
<b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7fff-b=
7db-8cd7-868ee3a8ac2f"> </b>
<b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7fff-b=
7db-8cd7-868ee3a8ac2f">Only the SecureDrop workstation is based on Xen vi=
a QubesOS (<a class=3D"moz-txt-link-freetext" href=3D"https://qubes-os.or=
g">https://qubes-os.org</a>).</b>
<b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7fff-b=
7db-8cd7-868ee3a8ac2f"> </b>
<b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7fff-b=
7db-8cd7-868ee3a8ac2f">&gt; Link(s) to current public web pages, belongin=
g to your organisation, for each of following pieces of information:

</b><b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7f=
ff-b7db-8cd7-868ee3a8ac2f">&gt; Evidence of your status as a service/soft=
ware provider:

</b><b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7f=
ff-b7db-8cd7-868ee3a8ac2f">Freedom of the Press Foundation develops and m=
aintains several open source projects such as SecureDrop and the SecureDr=
op workstation.
You can see the main text on <a class=3D"moz-txt-link-freetext" href=3D"h=
ttps://securedrop.org">https://securedrop.org</a> and <a class=3D"moz-txt=
-link-freetext" href=3D"https://freedom.press">https://freedom.press</a> =
as evidence of this. In addition, news organizations that wish to contrac=
t
with us for paid support services can do so here: </b><b style=3D"font-we=
ight:normal;" id=3D"docs-internal-guid-5ffe8f82-7fff-b7db-8cd7-868ee3a8ac=
2f"><a href=3D"https://securedrop.org/help/">https://securedrop.org/help/=
</a>.=20

</b><b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7f=
ff-b7db-8cd7-868ee3a8ac2f">&gt; If you are a public hosting provider, you=
r public rates or how to get a quote: </b><b style=3D"font-weight:normal;=
" id=3D"docs-internal-guid-5ffe8f82-7fff-b7db-8cd7-868ee3a8ac2f">
N/A

</b><b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7f=
ff-b7db-8cd7-868ee3a8ac2f">&gt; If you are a software provider, how your =
software can be downloaded or purchased:</b><b style=3D"font-weight:norma=
l;" id=3D"docs-internal-guid-5ffe8f82-7fff-b7db-8cd7-868ee3a8ac2f">=20

Download and install QubesOS (<a class=3D"moz-txt-link-freetext" href=3D"=
https://qubes-os.org">https://qubes-os.org</a>) and install the SecureDro=
p workstation following the documentation in
the README at: <a class=3D"moz-txt-link-freetext" href=3D"https://github.=
com/freedomofpress/securedrop-workstation/">https://github.com/freedomofp=
ress/securedrop-workstation/</a></b>
<b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7fff-b=
7db-8cd7-868ee3a8ac2f"></b>
<b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7fff-b=
7db-8cd7-868ee3a8ac2f">&gt; If you are an open-source project, a mailing =
list archive and/or version control repository, with active development:
=C2=A0</b>
<b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7fff-b=
7db-8cd7-868ee3a8ac2f"><a class=3D"moz-txt-link-freetext" href=3D"https:/=
/github.com/freedomofpress/securedrop/">https://github.com/freedomofpress=
/securedrop/</a></b>
<b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7fff-b=
7db-8cd7-868ee3a8ac2f"><a class=3D"moz-txt-link-freetext" href=3D"https:/=
/github.com/freedomofpress/securedrop-workstation">https://github.com/fre=
edomofpress/securedrop-workstation</a></b>
<b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7fff-b=
7db-8cd7-868ee3a8ac2f"> </b>
<b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7fff-b=
7db-8cd7-868ee3a8ac2f">&gt; Evidence of your status as a user/distributor=
 of Xen:</b><b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ff=
e8f82-7fff-b7db-8cd7-868ee3a8ac2f">

&gt; Statements about, or descriptions of, your eligible production servi=
ces or released software, from which it is immediately evident that they =
use Xen.

</b><b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7f=
ff-b7db-8cd7-868ee3a8ac2f">The workstation at <a class=3D"moz-txt-link-fr=
eetext" href=3D"https://github.com/freedomofpress/securedrop-workstation"=
>https://github.com/freedomofpress/securedrop-workstation</a> requires th=
e use of Qubes/Xen.

</b><b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7f=
ff-b7db-8cd7-868ee3a8ac2f">&gt; Information about your handling of securi=
ty problems:

</b><b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7f=
ff-b7db-8cd7-868ee3a8ac2f">&gt; Your invitation to members of the public,=
 who discover security problems with your products/services, to report th=
em in confidence to you;

</b><b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7f=
ff-b7db-8cd7-868ee3a8ac2f">We invite reports via:

</b><b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7f=
ff-b7db-8cd7-868ee3a8ac2f"><a class=3D"moz-txt-link-freetext" href=3D"htt=
ps://github.com/freedomofpress/securedrop-workstation/blob/master/SECURIT=
Y.md">https://github.com/freedomofpress/securedrop-workstation/blob/maste=
r/SECURITY.md</a></b>
<b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7fff-b=
7db-8cd7-868ee3a8ac2f"><a class=3D"moz-txt-link-freetext" href=3D"https:/=
/github.com/freedomofpress/securedrop/blob/develop/SECURITY.md">https://g=
ithub.com/freedomofpress/securedrop/blob/develop/SECURITY.md</a></b>
<b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7fff-b=
7db-8cd7-868ee3a8ac2f"> </b>
<b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7fff-b=
7db-8cd7-868ee3a8ac2f">&gt; Specifically, the contact information (email =
addresses or other contact instructions) which such a member of the publi=
c should use.

</b><b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7f=
ff-b7db-8cd7-868ee3a8ac2f">We receive security reports at</b><b style=3D"=
font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7fff-b7db-8cd7-868=
ee3a8ac2f">: <a class=3D"moz-txt-link-abbreviated" href=3D"mailto:securit=
y@freedom.press">security@freedom.press</a>

</b><b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7f=
ff-b7db-8cd7-868ee3a8ac2f">We have a public security bug bounty program a=
t: <a class=3D"moz-txt-link-freetext" href=3D"https://bugcrowd.com/freedo=
mofpress">https://bugcrowd.com/freedomofpress</a>

We publish security advisories at: <a class=3D"moz-txt-link-freetext" hre=
f=3D"https://securedrop.org/news/security-advisory/">https://securedrop.o=
rg/news/security-advisory/</a>

We have read the policy and agree to abide by the terms for inclusion in =
this list, including the embargo.=20

&gt; The single (non-personal) email alias you wish added to the prediscl=
osure list.

<a class=3D"moz-txt-link-abbreviated" href=3D"mailto:security@freedom.pre=
ss">security@freedom.press</a>
</b><b style=3D"font-weight:normal;" id=3D"docs-internal-guid-5ffe8f82-7f=
ff-b7db-8cd7-868ee3a8ac2f"><span style=3D"color: rgb(103, 103, 103); font=
-family: Roboto; font-size: 18px; font-style: normal; font-variant-ligatu=
res: normal; font-variant-caps: normal; font-weight: 300; letter-spacing:=
 normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: =
none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-str=
oke-width: 0px; background-color: rgb(246, 246, 246); text-decoration-sty=
le: initial; text-decoration-color: initial; display: inline !important; =
float: none;">
</span></b>Please let me know if any additional information is required. =


Best,

Jennifer Helsby

--=20
Jennifer Helsby, Ph.D.
SecureDrop Lead Developer
Freedom of the Press Foundation
<a class=3D"moz-txt-link-rfc2396E" href=3D"mailto:jen@freedom.press">&lt;=
jen@freedom.press&gt;</a>
GnuPG: F48E CC56 4980 83F1 80DF F943 DA05 B7C5 2ABA F334
</pre>
  </body>
</html>

--------------64E18C3B239CB4395594038F--

--mMWyDNkyIbyQcCXOMY7KBXHZYvR18tTXH--

--ztFNEu9xBFsLCov9VYVmg3Qf46ORqu9lE
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEntsmvkbGwko38nhRsH6AZWrNlQEFAl4OaLoACgkQsH6AZWrN
lQGzChAAt2itmvU3P4fFsiMBNdVeVFTDYX5M5YlwEGaehUVQhgC94eedtkh++7Np
MUnb4vsRWJFaMttThq5uvI56es1GOi5APhrxWH2cHivq69mz1ewb4i2FCbk24QU8
ua0iU2t8ZU9FODMN6ncnCwsltZspIg6VsDeUAl/Dx44Iz3cE2R9GgmdrhdSTHsI8
LR+imteYWmgW92azaC2hjJeq1ZCEq99IbL2WRsC0NwatyFerAO61wyj2t20ZmIon
dO65UXXJC14yY76J2cDxCGfAoAPZuBtK9HQD9uDRceBK02L8uZ9gCyWDObm6cjht
LyIQGuQccSMON27ROiMJaH8lpaTHhdfLKVipxQo2mROIVjCQoGAHFMEplyx+35Nt
Cs2x1mmqKVOFpGLty88fpggsjHbe7zLCx18nAcdfcaS56CQofalxxFjREQAIUa8C
IDwkaWT3oWHYxPTLZ4L+LVFDHWr0CfUFXbQRW8hWVVMmZAN3ji1x8f3JwkmS3smI
UrVytc2SZKInz4bM/mX6R1M2g0hcBnaHE9Np4O8O6q1/VWghqwRgPh0eug9QRLJ/
fViBd/Gl4MbbqnD25c9iyBcMN3/+sED4bIS8a8qZ+r6IAehZGoADla9Q8ncFrp/U
aHY6y+TdlRb2ZLpXuKzZvzWd5XbJXspyT0Rmw5TRyCA+8mjLjNk=
=es/C
-----END PGP SIGNATURE-----

--ztFNEu9xBFsLCov9VYVmg3Qf46ORqu9lE--


--===============6734818444329776457==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KUHJlZGlzY2xv
c3VyZS1hcHBsaWNhdGlvbnMgbWFpbGluZyBsaXN0ClByZWRpc2Nsb3N1cmUtYXBwbGljYXRpb25z
QGxpc3RzLnhlbnByb2plY3Qub3JnCmh0dHBzOi8vbGlzdHMueGVucHJvamVjdC5vcmcvbWFpbG1h
bi9saXN0aW5mby9wcmVkaXNjbG9zdXJlLWFwcGxpY2F0aW9ucw==

--===============6734818444329776457==--


From predisclosure-applications-bounces@lists.xenproject.org Fri Jan 03 13:30:40 2020
Return-path: <predisclosure-applications-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xenproject.org
Delivery-date: Fri, 03 Jan 2020 13:30:40 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.89)
	(envelope-from <predisclosure-applications-bounces@lists.xenproject.org>)
	id 1inN2E-0007EG-TG; Fri, 03 Jan 2020 13:30:38 +0000
Received: from us1-rack-iad1.inumbo.com ([172.99.69.81])
 by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from
 <SRS0=pquE=2Y=citrix.com=ian.jackson@srs-us1.protection.inumbo.net>)
 id 1inM48-0000Yk-S4
 for predisclosure-applications@lists.xenproject.org;
 Fri, 03 Jan 2020 12:28:32 +0000
X-Inumbo-ID: 88739b98-2e24-11ea-a1e1-bc764e2007e4
Received: from esa3.hc3370-68.iphmx.com (unknown [216.71.145.155])
 by us1-rack-iad1.inumbo.com (Halon) with ESMTPS
 id 88739b98-2e24-11ea-a1e1-bc764e2007e4;
 Fri, 03 Jan 2020 12:28:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
 d=citrix.com; s=securemail; t=1578054504;
 h=from:mime-version:content-transfer-encoding:message-id:
 date:to:cc:subject:in-reply-to:references;
 bh=gwi5cvxynadndLBhq2FIIZLDDAhRoPNOs4BE3zZMTLg=;
 b=Lll0ojkvVQnfNTkNjy4WuC0VknuNykxFYWkUOMPU4NQi1oWwk1/VoKBN
 FMO+XvJlnTuezwaNrBFEBuXQiX4ua3ulVhJzjkFZUmqnCPzz/55O0BfIQ
 qGJe9kkbdgwnn06oJXa/oaq2/2qBCfagLvAIbyBPiivf1gGs0UVqFz78k o=;
Authentication-Results: esa3.hc3370-68.iphmx.com;
 dkim=none (message not signed) header.i=none;
 spf=None smtp.pra=ian.jackson@citrix.com;
 spf=Pass smtp.mailfrom=Ian.Jackson@citrix.com;
 spf=None smtp.helo=postmaster@mail.citrix.com
Received-SPF: None (esa3.hc3370-68.iphmx.com: no sender
 authenticity information available from domain of
 ian.jackson@citrix.com) identity=pra;
 client-ip=162.221.158.21; receiver=esa3.hc3370-68.iphmx.com;
 envelope-from="Ian.Jackson@citrix.com";
 x-sender="ian.jackson@citrix.com"; x-conformance=sidf_compatible
Received-SPF: Pass (esa3.hc3370-68.iphmx.com: domain of
 Ian.Jackson@citrix.com designates 162.221.158.21 as permitted
 sender) identity=mailfrom; client-ip=162.221.158.21;
 receiver=esa3.hc3370-68.iphmx.com;
 envelope-from="Ian.Jackson@citrix.com";
 x-sender="Ian.Jackson@citrix.com";
 x-conformance=sidf_compatible; x-record-type="v=spf1";
 x-record-text="v=spf1 ip4:209.167.231.154 ip4:178.63.86.133
 ip4:195.66.111.40/30 ip4:85.115.9.32/28 ip4:199.102.83.4
 ip4:192.28.146.160 ip4:192.28.146.107 ip4:216.52.6.88
 ip4:216.52.6.188 ip4:162.221.158.21 ip4:162.221.156.83
 ip4:168.245.78.127 ~all"
Received-SPF: None (esa3.hc3370-68.iphmx.com: no sender
 authenticity information available from domain of
 postmaster@mail.citrix.com) identity=helo;
 client-ip=162.221.158.21; receiver=esa3.hc3370-68.iphmx.com;
 envelope-from="Ian.Jackson@citrix.com";
 x-sender="postmaster@mail.citrix.com";
 x-conformance=sidf_compatible
IronPort-SDR: yfwVTScJiOf7j6OQRv43PsJpMb8WA0lX7W58XUyR8YTRdM0e6uECAwgavy+BfxzGmu+N/Js00X
 ZEDXTG20wtWb39DwWkclzGdqI8M8qkDkdlJ8l+0OiE7pjAfK7IDFFhePfZt2QxHvNIHZ7MrWYZ
 B/xvs3Qdu4cSLBlMVBGdlyXJKHpCBrx55vgymhbp9k9U4zX/Xvziq3dxNvrRzRvUuSkXFRwZoz
 ekGyaM3FpwsR2Zy1CicbYFgdAsBu6f/wbZbyWc6USFVKBKyfLEm5rBmcA/vzJjFxcS7yuszI+5
 lJo=
X-SBRS: 2.7
X-MesageID: 10405781
X-Ironport-Server: esa3.hc3370-68.iphmx.com
X-Remote-IP: 162.221.158.21
X-Policy: $RELAYED
X-IronPort-AV: E=Sophos;i="5.69,390,1571716800"; d="scan'208";a="10405781"
From: Ian Jackson <ian.jackson@citrix.com>
MIME-Version: 1.0
Message-ID: <24079.13142.488220.975919@mariner.uk.xensource.com>
Date: Fri, 3 Jan 2020 12:28:06 +0000
To: Jennifer Helsby <jen@freedom.press>
In-Reply-To: <c65b7d83-ec94-8deb-9dda-18f98ee56240@freedom.press>
References: <c65b7d83-ec94-8deb-9dda-18f98ee56240@freedom.press>
X-Mailer: VM 8.2.0b under 24.5.1 (i686-pc-linux-gnu)
X-Mailman-Approved-At: Fri, 03 Jan 2020 13:30:38 +0000
Subject: Re: [Predisclosure-applications] SecureDrop / Freedom of the Press
 Foundation request
X-BeenThere: predisclosure-applications@lists.xenproject.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Applications for membership of Xen Security Advisories Pre-disclosure
 List <predisclosure-applications.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/predisclosure-applications>, 
 <mailto:predisclosure-applications-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:predisclosure-applications@lists.xenproject.org>
List-Help: <mailto:predisclosure-applications-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/predisclosure-applications>, 
 <mailto:predisclosure-applications-request@lists.xenproject.org?subject=subscribe>
Cc: "predisclosure-applications@lists.xenproject.org"
 <predisclosure-applications@lists.xenproject.org>,
 "security@freedom.press" <security@freedom.press>, security@xenproject.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: predisclosure-applications-bounces@lists.xenproject.org
Sender: "Predisclosure-applications"
 <predisclosure-applications-bounces@lists.xenproject.org>

SmVubmlmZXIgSGVsc2J5IHdyaXRlcyAoIltQcmVkaXNjbG9zdXJlLWFwcGxpY2F0aW9uc10gU2Vj
dXJlRHJvcCAvIEZyZWVkb20gb2YgdGhlIFByZXNzIEZvdW5kYXRpb24gcmVxdWVzdCIpOgo+IEhl
bGxvIGxpc3QgbWVtYmVycywKPiAKPiBTZWN1cmVEcm9wIC8gRnJlZWRvbSBvZiB0aGUgUHJlc3Mg
Rm91bmRhdGlvbiB3b3VsZCBsaWtlIHRvIGFwcGx5IHRvIGpvaW4gdGhlIFhlbiBwcmUtZGlzY2xv
c3VyZSBsaXN0LgoKSGkuICBUaGFua3MgZm9yIHlvdXIgYXBwbGljYXRpb24uCgpXZSB0aGluayB0
aGF0LCB1bmZvcnR1bmF0ZWx5LCByaWdodCBub3cgeW91IGRvbid0IHF1YWxpZnkgYmVjYXVzZQoK
PiA+IEV2aWRlbmNlIG9mIHlvdXIgc3RhdHVzIGFzIGEgdXNlci9kaXN0cmlidXRvciBvZiBYZW46
Cj4gCj4gPiBTdGF0ZW1lbnRzIGFib3V0LCBvciBkZXNjcmlwdGlvbnMgb2YsIHlvdXIgZWxpZ2li
bGUgcHJvZHVjdGlvbiBzZXJ2aWNlcyBvciByZWxlYXNlZCBzb2Z0d2FyZSwgZnJvbSB3aGljaCBp
dCBpcyBpbW1lZGlhdGVseSBldmlkZW50IHRoYXQgdGhleSB1c2UgWGVuLgo+IAo+IFRoZSB3b3Jr
c3RhdGlvbiBhdCBodHRwczovL2dpdGh1Yi5jb20vZnJlZWRvbW9mcHJlc3Mvc2VjdXJlZHJvcC13
b3Jrc3RhdGlvbiByZXF1aXJlcyB0aGUgdXNlIG9mIFF1YmVzL1hlbi4KCnRoaXMgc29mdHdhcmUg
aXMgbm90ICJyZWxlYXNlZCIgaW4gdGhlIGFwcHJvcHJpYXRlIHNlbnNlLiAgVGhlIHBhZ2UKaXRz
ZWxmIHNheXM6CgogIElNUE9SVEFOVDogVGhpcyBwcm9qZWN0IGlzIGluIGFscGhhLCBoYXMga25v
d24gYnVncyBhbmQgc2hvcnRjb21pbmdzLAogIGFuZCBzaG91bGQgbm90IGJlIHVzZWQgaW4gcHJv
ZHVjdGlvbiBlbnZpcm9ubWVudHMuCgphbmQgZ2l2ZXMgYSBsaW5rIHRvIGEga25vd24gc2V0IG9m
IGV4aXN0aW5nIHNlY3VyaXR5IGlzc3Vlcy4gIEl0CmRvZXNuJ3Qgc2VlbSB0byB1cyB0aGF0IHlv
dSBhcmUgaW4gYSBwb3NpdGlvbiB0byBpbW1pbWVudGx5IHJlbW92ZQp0aGF0IGNhdmVhdC4gIFdo
ZW4geW91IG1ha2UgKG9yIGFyZSBhYm91dCB0byBtYWtlKSBhIHJlbGVhc2UgdGhhdAptaWdodCBi
ZSB1c2VkIGluIHByb2R1Y3Rpb24gKGFsdGhvdWdoIHBlcmhhcHMgb25seSBieSBhZHZhbmNlZCB1
c2Vycwp3aG8gd2lsbCB0b2xlcmF0ZSBidWdzIC0gYSBiZXRhLCB5b3UgbWlnaHQgc2F5KSB3ZSB0
aGluayB5b3Ugd2lsbApxdWFsaWZ5LgoKQXMgYSBtYXR0ZXIgb2YgdHJhbnNwYXJlbmN5IHdlIGFs
c28gd2FudGVkIGluIHRoaXMgbWFpbCAod2hpY2ggaXMKcHVibGlzaGVkIG9uIHRoZSBsaXN0KSB0
byBkaXNjdXNzIHR3byBvdGhlciBpc3N1ZXMgd2hpY2ggYXJvc2UuCgpGaXJzdGx5LCBpdCBzZWVt
ZWQgdG8gdXMgdW5jbGVhciB3aGV0aGVyIHlvdSB3ZXJlIGRpc3RyaWJ1dGluZyBhCm1vZGlmaWVk
IHZlcnNpb24gb2YgUXViZXNPUyAtIGFuZCBob3cgcmVsZXZhbnQgdGhpcyB3YXMgdG8gd2hldGhl
ciB5b3UKcXVhbGlmeSB1bmRlciB0aGUgWGVuIFByb2plY3QgUG9saWN5LiAgV2UgcmV2aWV3ZWQg
eW91cgpzZWN1cmVkcm9wLXdvcmtzdGF0aW9uIHJlcG9zaXRvcnkuICBJdCBzZWVtcyB0byBtb3N0
bHkgYmUgYQpjb25maWd1cmF0aW9uIG1hbmFnZW1lbnQgc2V0dXAsIHdoaWNoIGFzc2VtYmxlcyBh
IHN5c3RlbSAoaW5jbHVkaW5nClhlbiBjb21wb25lbnRzKSBvbiB5b3VyIHVzZXJzJyBzeXN0ZW1z
LiAgV2UgZmVsdCB0aGF0IHRoaXMgd2FzCnN1ZmZpY2llbnQgZm9yIHlvdSB0byBxdWFsaWZ5LiAg
T25lIGNvbnNpZGVyYXRpb24gaW4geW91ciBmYXZvdXIgd2FzCnRoYXQgeW91IG1pZ2h0IHZlcnkg
d2VsbCB3YW50LCBmb3IgZXhhbXBsZSwgdG8gbW9kaWZ5IHRoYXQKY29uZmlndXJhdGlvbiBtYW5h
Z2VtZW50IHJlcG9zaXRvcnkgdG8gZGVwbG95IHdvcmthcm91bmRzIGZvcgp2dWxuZXJhYmlsaXRp
ZXMuICBZb3UgbWlnaHQgYWxzbyB3YW50IHRvIGRpc2N1c3MgeW91ciByZXNwb25zZSB0byBhCnZ1
bG5lcmFiaWxpdHkgd2l0aCBRdWJlcy4gIEl0IHNlZW1lZCB0byB1cyB0aGF0IHRoZSBhcHByb3By
aWF0ZSB3YXkKZm9yIHRoZXNlIHRoaW5ncyB0byBiZSBhY2hpZXZlZCB3b3VsZCBiZSBmb3IgeW91
IHRvIGJlIG9uIHRoZQpwcmVkaXNjbG9zdXJlIGxpc3QuCgpTZWNvbmRseSwgd2UgdGhpbmsgeW91
ciBhcHBsaWNhdGlvbiB3YXMgdGhlIGZpcnN0IHdoZXJlIGxpbmtzIHRvCk1hcmtkb3duIGZpbGVz
IG9uIGEgM3JkLXBhcnR5IGdpdCBob3N0aW5nIHNlcnZpY2Ugd2VyZSBvZmZlcmVkIGluCnJlc3Bv
bnNlIHRvIHRoZSBwb2xpY3kgcmVxdWlyZW1lbnQgZm9yICJMaW5rKHMpIHRvIGN1cnJlbnQgcHVi
bGljIHdlYgpwYWdlcywgYmVsb25naW5nIHRvIHlvdXIgb3JnYW5pc2F0aW9uIi4gIFdlIGNvbmNs
dWRlZCB0aGF0IHRoaXMgY29tbW9uCmFwcHJvYWNoIGRvZXMgYW1vdW50IHRvIHdlYiBob3N0aW5n
LCBldmVuIHRob3VnaCBpdCBkb2Vzbid0IHVzZSBhCmRvbWFpbiBuYW1lIG93bmVkIGJ5IHlvdS4g
IFBlb3BsZSBvZnRlbiB1c2UgdGhlaXIgZ2l0IGhvc3RpbmcgdG9wbGV2ZWwKcGFnZSwgd2l0aCB0
aGUgZm9ybWF0dGVkIFJFQURNRS5tZCwgYXMgdGhlaXIgcHJvamVjdCBob21lIHBhZ2UsCmVmZmVj
dGl2ZWx5IHRyZWF0aW5nIHRoZSBnaXQgc2VydmljZSBhcyB0aGVpciB3ZWIgaG9zdGluZyBwcm92
aWRlci4KU28gb24gdGhpcyBjb3VudCB3ZSBjb25zaWRlcmVkIHRoYXQgeW91IG1lZXQgdGhlIHJl
cXVpcmVtZW50cy4KClRoYW5rcyBmb3IgeW91ciBlbnF1aXJ5IGFuZCB3ZSBsb29rIGZvcndhcmQg
dG8gaGVhcmluZyBmcm9tIHlvdSBhZ2Fpbgp3aGVuIHlvdXIgcHJvamVjdCBpcyBtb3JlIG1hdHVy
ZS4KCklmIHlvdSB0aGluayBpdCBkZXNpcmFibGUgdG8gaGF2ZSBwcmVkaXNjbG9zdXJlIGxpc3Qg
bWVtYmVyc2hpcCBpbgpwbGFjZSBiZWZvcmUgYSBmb3JtYWwgcmVsZWFzZSwgd2Ugd291bGQgd2Vs
Y29tZSBhIHJlbmV3ZWQgYXBwbGljYXRpb24KZXZlbiBiZWZvcmUgeW91IGRlY2xhcmUgdGhlIHN5
c3RlbSBzdWl0YWJsZSBmb3IgcmVhbC13b3JsZCB1c2UuCgpSZWdhcmRzLApJYW4uCihvbiBiZWhh
bGYgb2YgdGhlIFhlbiBQcm9qZWN0IFNlY3VyaXR5IFRlYW0uKQoKX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX18KUHJlZGlzY2xvc3VyZS1hcHBsaWNhdGlvbnMg
bWFpbGluZyBsaXN0ClByZWRpc2Nsb3N1cmUtYXBwbGljYXRpb25zQGxpc3RzLnhlbnByb2plY3Qu
b3JnCmh0dHBzOi8vbGlzdHMueGVucHJvamVjdC5vcmcvbWFpbG1hbi9saXN0aW5mby9wcmVkaXNj
bG9zdXJlLWFwcGxpY2F0aW9ucw==

From predisclosure-applications-bounces@lists.xenproject.org Fri Jan 03 17:03:48 2020
Return-path: <predisclosure-applications-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xenproject.org
Delivery-date: Fri, 03 Jan 2020 17:03:48 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.89)
	(envelope-from <predisclosure-applications-bounces@lists.xenproject.org>)
	id 1inQMV-0003XG-3q; Fri, 03 Jan 2020 17:03:47 +0000
Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]
 helo=us1-amaz-eas2.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.89)
 (envelope-from <SRS0=gX1s=2Y=freedom.press=jen@srs-us1.protection.inumbo.net>)
 id 1inQIj-0002jO-C0
 for predisclosure-applications@lists.xenproject.org;
 Fri, 03 Jan 2020 16:59:53 +0000
X-Inumbo-ID: 74647981-2e4a-11ea-a4ec-12813bfff9fa
Received: from npomail1.electricembers.net (unknown [208.90.215.73])
 by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS
 id 74647981-2e4a-11ea-a4ec-12813bfff9fa;
 Fri, 03 Jan 2020 16:59:52 +0000 (UTC)
Received: from private by npomail1.electricembers.net;
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=freedom.press; s=mail;
 t=1578070791; bh=4OvShP6NWwuP4jIXvzvmCDys1Eq60AO0St0hALxHtrs=;
 l=3960; h=To:From:Subject:MIME-Version:Content-Type;
 b=DGAglCo1WPwCzrt19a6p8a8AiL1v6ojw0DBPYdJGN1M7TQ4rWRBLNJiyD9jGkcwZm
 eLrK6ergJniDCnGivcyzf8/qWNjWI9U43gwYOdJeqdIkaqFjs/U1bSaalEP4NM9cQ7
 rnsjzoL8sPrnpIL/JtLOhdC+2t137raKFzD4hOgDaXbdxnViXxqtNK+8S/+XOIE67J
 wtD1JlelSW5rL0djWeMnSLBgfFReKxG7EyrBnfyNJCDrfQH0+lgnJWIpZbrMKG/DuZ
 a0FbYnn+HYVQ8EUXVlts691GsMNWHwkRG5mZrVLFGgDO7yKHWODGEQSCk4SmjJXVdd
 mhoj7vLZNTBBQ==
To: Ian Jackson <ian.jackson@citrix.com>
References: <c65b7d83-ec94-8deb-9dda-18f98ee56240@freedom.press>
 <24079.13142.488220.975919@mariner.uk.xensource.com>
From: Jennifer Helsby <jen@freedom.press>
Openpgp: preference=signencrypt
Autocrypt: addr=jen@freedom.press; prefer-encrypt=mutual; keydata=
 mQINBFeRulQBEADjusVDkRxz1fT3rYRfj0Ktlvh3SeqKC3OjUFDI9/morqPDXCxCVm9dWvRJ
 qQnGWix+7cBwp2d96CoJrchxXojNLPgZ57C0EtXNu1i3SMYrppSD6hT/ZdGlHUONgVO4rfV5
 gOvKHPhiWf+omD72VtfiTV3W2KG2l6v/IRP+kjcKj09A9PqlO49eK95cP3ErzbnGWR9UNA0r
 RDgf9nX0RlQXgTTY9dMCdD2HOUPXVUnetenokvuBC3B42l2LkTx76poKcyxf3LsAY6D7e4GU
 NXhsW65Maj0KM49dtDcMh7bP7fLYcxBj3mx+Y5xpzgzqUqYjEV6ytxLCTYdEgV3W3+9pPzDH
 UVk0FTZcfpRVJEF1a0yIkO9lZzxF3KojW8ZV1srLpeXiyhzaKqR326lx+ek9gKktfwiioWKb
 5IWbGGCgncXP9QS4xkIZqJufY4cVULTyDC4/AG4Rxlp1+10OzoMhI4CAyq0tVYXtfpN4Qagw
 ZJstqZWFu/1W7EVr1cU4TMYkMwh95mOZi5rkq8gr449SzGC8xYL57BBFss3PTwmY/RKVQcXo
 DByOe/uVhDj7KvuEUh/bh4NOhEGIs7m647PTaKrmm9l6wvADhUQrvIyE39Jw9WwE/vznr4s6
 kLjFv7zGE7jh9WHkC7mcf+9dqR80XjoKaOqHWtxGoxcNPa0VJQARAQABtCNKZW5uaWZlciBI
 ZWxzYnkgPGplbkBmcmVlZG9tLnByZXNzPokCNwQTAQoAIQUCV5G6VAIbAQULCQgHAwUVCgkI
 CwUWAgMBAAIeAQIXgAAKCRDaBbfFKrrzNEKRD/9u1EmsircQzCy92F81aX2Ptu9II40Z1pbA
 4qryP8tQTM4biMy1ayjpiFjovYZa+vrZ0hVTSuin5ZQ0dI73tBCi5FSycsowXALvEIeApuVX
 JKaC/7gnO4QNFhDHiW+M4kORllFgtex6IuSOzcUIT+oqGHS8eB8cl1N9lLOMU5/PCo50IoU9
 WrrmF0f9EKhlkD5snDQy20gc+J+ukUg7cNpSPVaFAXZs/0CIvvuMv3tp2/VqlF5x1xW7Q8I5
 JUAnPSyQ4pWOlnfbEwsIjyagDicV940iOxTL8vq92vKLFOw/EmNYUs89ebH3WNfhYAWiMtOL
 o0hgc1qNsCPdovASZ0skBGMzmT+Nvfgb4VYuLMl5/tm9etgcdv+hb8Oo6zxUwQLETKiPiWkZ
 tzUEczMAw8pz0j4h2Y2K6+ryXJTbqcwwZY2DoYwrENWkd+TdPHYgvinPplmiHH7wcl7oKoy5
 oGw7knwkgB7jO7F2R7qUhPg1I0E+fiXCwStTJ0yeXqoNvKwXW22460Tjs3vl21hZo6sr8hF8
 2xZdfbzprwejJ2T1pJbya6YT+nv4fH1p1wc8ooeOgWKjVWtCig6wojSiKQ4AjKa4RVL9/8gX
 q+5u7NSxUxOMqfTNWbxR3GDBZjxBA/o1XLIxnRAlfwD8c3UrhRC77P6HrP5wSYZF+/i5ZJds
 O7kCDQRXkbr/ARAAl+R3VpHh3Q5v6Bf8ZP6zLS693A0AseJPPo4wwCOfCvRZWLIVgrdkHuK3
 vSjafLSsL1m67FUb6AXHmE4YWEp/gr0mj25JSSMCegXfh+wbyhKzmzZL6uiUKuJug8uIBZRp
 uDTAfV34ssZ0CL8aHsntb/RFydANimOV+qLwV/HS4NEPVicnmYkyOhvJ2xZq7VHiTm6lwjyZ
 KxcFeOvWIrrKmc4fHQYyiEExH7xaBTDOSmlXTY5Ae5waA1/tS5SV3UixoRiHb6giUusIJsDV
 4PHnyAYiuBlk7tjP9yAHXyvGPA6XO9TBWuycRqgZ1Tm06prB460RpNEd9EY4Vr8Bugs6YMbu
 ldxJwOL5n46l0PdaMhrBNyJPwt4p5cxcm8f4kt8QvLh/t/Jh2oU2gaNuIoQXl1NUBdwcMoDb
 owuEIUFk1IecQt8v38INFHWJ0r7VrJzreG0OWcUSwxGPe4FOkdmwNgmRCCLC74ThGegXVJNw
 njqk3Ean8bPcOROmMyEHEJ8j+wxkTMfQtCcw4CQlFDcNjMrGV6iBncI0y2Fjg5TvkpC0rqSQ
 o+PgfcSppXIY9TedfjphhVihM7isMg9icjEs++kSvaM5ajzHbOEZe0J3lAv5L9bxZR38zzF7
 H8ofFQRPG6zzIE+X/XRBl5pIRz8ERQaSuwyquE5HlFWXjX7R5L0AEQEAAYkCJQQYAQoADwIb
 DAUCXTdcpgUJC0k8IwAKCRDaBbfFKrrzNGnHD/95czk6B5qeR8+KrR5AVrSUk7tBorrXK4ze
 0Gr30cAPmLtBjsWBbPuHZFXpzijCoVrRCNBmlMb0p7PJudh90Voi+Ggse80WeXsYu2bjDCFv
 cTmaFXgA8gGZ0pnMOnz8ltc7tsZrPiQw457zQO97v18h02Ka5JkZNo/BbfN5fRuVU3T14GR4
 ELg4tRFVACejyjWsn+pwN5w2s0cbu3KUBvySoFSo4CATmIiXCmoUtHAc9/pBebzSo40dxcSY
 v3kpCx/F4OXpai2YECeUXA6TlOlVhVm7joX00FThQgi728h3rdit4CXSlaz/I4WxXvSzgDe3
 kiFxN+/2w2ZQafcjdkuuiQ2yeJPQds/SvNPbbvEnBM9aF2Rqt/IYKsGKPg8QuEvOFfhyzFa1
 7ybngTGaLta4MNj1FOWSEvjxLTVXiuRBamM9IL0wmfec5KUhJU/IN/+URUeW0W+lQ6m1+M4s
 D2mx0hvEYe8lx3o4lks6Bbm/dWqnUwdsA2cWn0R9dnMt7b8b997XaRXy528eQ3XnBEs+sMVm
 pX4q1eiibur6OZ2zM8au29Naea5+1Y0AgJQRV8eYVwgYmRdjHMyVDCJsdnDp8C+1iZReZclu
 aKSWP2olYdn5v0OclneI5iN67mANUY+STQS5H/TNtQyhbHkGnszyzkjKygVIgWw/J9GJ/5w3
 SLkCDQRXkbqoARAAvguQQmy0DyZOmZXfFYNfMm95bPPZOUpvvjBARrh2IGPlMl3xtserNMje
 lFYkkRRsACtxqRxq3TTSJpKI0vvpNLLpqN6shwNUQ3qz2yIAvW+aEKVi7HLOWv71JSQVbmlk
 Zk3UghGP/0iIfurB8m8QmP97oOdsWBiRTr9Wp5tYUjUz/QlNOt3sIYTBE2wnu2f/ivpyRTUm
 LuNr0rbvSsCu/i1CPul9vj01YOXBpIUeQlCMK1uyOwPvEOcaRxeYICOVginEY6UDUMNRJZth
 M8+vEVAdWCqbI1CLWF6PbWshhhyqbuVXmZWOPcVzQfW7k+bsysaAteTu8QFCJT9Y5wG8QM+D
 0IS+I7ChKmKN2VrAlHr4irKwvxhWVOIXaIZr1GLw8bGWUTwjZOi/R+8V+WCRCwlRcR72Kklm
 8JyBCGoeA9ML+tS9AHl/c9JIdlsTvGMsMaMPV41rhta8jx0z+OlpnytRbcmtUFYrfLGfOScs
 +v2BFrYr45DZVB2vvooRBRF9qPq8EsSFHauxoibWjamc0mHH4DEG0yVwuHh4bJLi3pUAAl1d
 +p8YyJoQhPjRrrNSjWJBJw7YbgH785EeU2JwMtGohhMDNxMwt61fYxS7Nj2yjjyD9fBJLOBQ
 5JztwT1AdAgWIjqRHpaPt5rxWUj8QuCIbrIK0B6sMLfYqQHA7v0AEQEAAYkERAQYAQoADwIb
 AgUCXTdcvAUJC0k8kAIpwV0gBBkBCgAGBQJXkbqoAAoJELB+gGVqzZUBKvkP/Rxa9NSIlw/l
 6tRfaymO2jynqJe850gSGWBVnxVWiNGw8PhlqfStJdROIwOQ77axdpRVD3b28QL6Xy1hFD2S
 9QpZ+4HnnNrLHKvkVOe3+9+0RBNEpNpnloeMqT3QqEqEP4U8EAOXTbzI6lZSAOJk4mO/E8rL
 IBq9MzrHmOuwbk6Zg7qudHNWuhCT4ab01ue2CR5tSZf0eQwVsRhVz0ZIRRceFMHtNf2hUHOx
 Z8HtaKnQXqRTQXV+IA5vPnBfwFih+ZvRCvsqNFOrFk/oU3KhQ2Xy3bO4T4okiMXf6ax1+cEN
 92j9h8Z5KFDWl7IEtWYLDRZNv10IWpN7T0USDthreD9SlP6iK91Vie+f22lF8o6/jbPL+B/r
 KIvBCwfz6AlKNGlOyMvCCTk7dAZSiq55CNSLgoRh/r3WxgfAJ3A0ivTclwnIqFuskHdRB8we
 UaPdZ0fEHbwuMW4K5SoDzRVaadZqzOcwlugCasqYQ3ZmQQBkUcIxc1tJWnyDm252lFiPmxmA
 3HZDbBZ58fIQ/SkDyIjHikfUhcqVsxXpFAKRxkIsNfTzCueWg1boBM1scmOPrv7nTF8MNLeD
 7/ID1IqRXjL8+ea0cTo0qV4nCK3VrlKdv+clipHxXc2a7yLIelVkrwMEFgD9cFAt3tNs1j6O
 Pvs3dLypqg7h9miSrsBJJYOeCRDaBbfFKrrzNF1FD/9iBieWFr8lRd3XFFfHwCiPUCoEGCkl
 u3edHj2CRjkwTntdkquGlpNwF+nz1IpWKgCkRfKIBIDmwrCZLTJ9YfTV1aS/8HLS5V78hbMl
 VpcsEaPVf9HblGjcIIf0QiIdLe9abw7wGrJkZXEGU4ebDP++eVijEgTQyVDCUPe4FpvPZ2Ql
 jOCwjQ1esCgXyx5trWlKICd/qLQaJEkZlV1oytfNFAdhHPket3SsD9X6nis772mC6AIDTpNs
 tLc36GVPGJu8aXQTy+WC+ZCaaCcU1ieEQ74Hrb7IjwVh7WIhkgn4+aDx91YDWPYNIPhAuPAX
 uAI9gFtm67+Z3qaYLkVaTJEg0BRkmGVS3W+JpycMl2aYtNBL3XACx+83qyNdqlg3FuI3FJSL
 KI/CA+tCNlTvjLIyshj6q2BUUS4XoWMigQ/79wqM1RZ1ZFjTk4LRWd3GJI5KWSSdNb2MqL7l
 MZZRpQYdJTB/ndc84zVk6M8qoSJtz5o3GCrniBabmrrWqcxcfxJv201c7GIo4mSbLiOgWYdy
 sx1AFaR5F98fdv2mNE6CrMgtM1wV4oRu0P3rD1/RrZ9T/xhiUc2dg3rgQMUCJMVibNVurRFN
 oCf1T0JsTTrO8A/xuyesgTXQFMcL21LYSr1JBSOCZbrAegVcp96Z8Ip3YBARPXEkgbFk0kjW
 6FGVFg==
Message-ID: <da7fe762-ca7a-0ed7-6822-8011038ebefe@freedom.press>
Date: Fri, 3 Jan 2020 11:59:35 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0)
 Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <24079.13142.488220.975919@mariner.uk.xensource.com>
X-Mailman-Approved-At: Fri, 03 Jan 2020 17:03:46 +0000
Subject: Re: [Predisclosure-applications] SecureDrop / Freedom of the Press
 Foundation request
X-BeenThere: predisclosure-applications@lists.xenproject.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Applications for membership of Xen Security Advisories Pre-disclosure
 List <predisclosure-applications.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/predisclosure-applications>, 
 <mailto:predisclosure-applications-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:predisclosure-applications@lists.xenproject.org>
List-Help: <mailto:predisclosure-applications-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/predisclosure-applications>, 
 <mailto:predisclosure-applications-request@lists.xenproject.org?subject=subscribe>
Cc: "predisclosure-applications@lists.xenproject.org"
 <predisclosure-applications@lists.xenproject.org>,
 "security@freedom.press" <security@freedom.press>, security@xenproject.org
Content-Type: multipart/mixed; boundary="===============1344864462516089668=="
Errors-To: predisclosure-applications-bounces@lists.xenproject.org
Sender: "Predisclosure-applications"
 <predisclosure-applications-bounces@lists.xenproject.org>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1344864462516089668==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="hXcdmz6FxIrWdu0krKgh5fPvpR6ytdsuA"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--hXcdmz6FxIrWdu0krKgh5fPvpR6ytdsuA
Content-Type: multipart/mixed; boundary="Qm8MPS7X7sWcSWQK0mNrQWZEocRDIZG0z";
 protected-headers="v1"
From: Jennifer Helsby <jen@freedom.press>
To: Ian Jackson <ian.jackson@citrix.com>
Cc: "predisclosure-applications@lists.xenproject.org"
 <predisclosure-applications@lists.xenproject.org>,
 "security@freedom.press" <security@freedom.press>, security@xenproject.org
Message-ID: <da7fe762-ca7a-0ed7-6822-8011038ebefe@freedom.press>
Subject: Re: [Predisclosure-applications] SecureDrop / Freedom of the Press
 Foundation request
References: <c65b7d83-ec94-8deb-9dda-18f98ee56240@freedom.press>
 <24079.13142.488220.975919@mariner.uk.xensource.com>
In-Reply-To: <24079.13142.488220.975919@mariner.uk.xensource.com>

--Qm8MPS7X7sWcSWQK0mNrQWZEocRDIZG0z
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US

On 1/3/20 7:28 AM, Ian Jackson wrote:

>> The workstation at https://github.com/freedomofpress/securedrop-workst=
ation requires the use of Qubes/Xen.
> this software is not "released" in the appropriate sense.  The page
> itself says:
>
>   IMPORTANT: This project is in alpha, has known bugs and shortcomings,=

>   and should not be used in production environments.
>
> and gives a link to a known set of existing security issues.  It
> doesn't seem to us that you are in a position to immimently remove
> that caveat.  When you make (or are about to make) a release that
> might be used in production (although perhaps only by advanced users
> who will tolerate bugs - a beta, you might say) we think you will
> qualify.
Thanks for the thoughtful response. We're applying now as we'll be
beginning production use with a few news organizations in February as
part of a beta, but in light of this we'll hold off for now and will
reapply then (when this caveat/note will be removed).
> As a matter of transparency we also wanted in this mail (which is
> published on the list) to discuss two other issues which arose.
>
> Firstly, it seemed to us unclear whether you were distributing a
> modified version of QubesOS - and how relevant this was to whether you
> qualify under the Xen Project Policy.  We reviewed your
> securedrop-workstation repository.  It seems to mostly be a
> configuration management setup, which assembles a system (including
> Xen components) on your users' systems.  We felt that this was
> sufficient for you to qualify. =20

Yep this is correct.

Thanks again for the consideration.

More soon,

Jen

--=20
Jennifer Helsby, Ph.D.
SecureDrop Lead Developer
Freedom of the Press Foundation
<jen@freedom.press>
GnuPG: F48E CC56 4980 83F1 80DF F943 DA05 B7C5 2ABA F334



--Qm8MPS7X7sWcSWQK0mNrQWZEocRDIZG0z--

--hXcdmz6FxIrWdu0krKgh5fPvpR6ytdsuA
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEntsmvkbGwko38nhRsH6AZWrNlQEFAl4PcwQACgkQsH6AZWrN
lQHm/Q//UhfrTcV6yRY3fIpV8pPd1w2Z+I/8lLTyerT9f/jth0ZJ51PxR9imsjk1
kglXFyOtYGY7JoSm5Kacc0X2RwwdOygzeYwzfVw7Omo5iMNyhKHHK54wpMVUS1ST
2VgO5eWslc7B9mbhhZHRQhofL0pz+Do5H/RibUpA8+bfyYQmh7s7xf3+tBL/1UJN
TWWGmFFiObrtmSaTXymeLk4jaO2mqJJ0r8wwJiUofVAWVcDYHxWIkWgJBU8BVcer
2PEisDTZna7TqVXiQAxgKuzbY5c4eV/YNEKmt1XY1vL8Mqifqn0eO07iXNtIA5nC
s7HYrS9lT8kZkFSq+ICJN5qfCiIOMda9liMCo8SKdb4dnE2SPuqhyysf9SifbC7U
b/2utzAVgDYmnMaZMHPGoAeapoLeqCHH3TxPxbw116QxFIbVwedrDRa6ztTeUTwt
9zy/zXriRWJh9DZWwX1onQFsrSHGkaugSXhfETFKjjtTaMhvi11pWWn32sSfBmAN
YEfKdi89WD9Wsezw6fpiPAQgKW23VYJkmgtDkuh9zkQ0qwOG+zSeUkSUw8/4YLsE
i6LK8VdInYIjv8uzfOQqqk88iMGfTLjizdCCwv8Uhr4NuNSFA2ZqN4dfPfIMRyp0
f3OxAhPmIHNI/UsfhNivbaiWsnGEYa4Jbqmz3jfeyvcnBe5JqSQ=
=tnVb
-----END PGP SIGNATURE-----

--hXcdmz6FxIrWdu0krKgh5fPvpR6ytdsuA--


--===============1344864462516089668==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KUHJlZGlzY2xv
c3VyZS1hcHBsaWNhdGlvbnMgbWFpbGluZyBsaXN0ClByZWRpc2Nsb3N1cmUtYXBwbGljYXRpb25z
QGxpc3RzLnhlbnByb2plY3Qub3JnCmh0dHBzOi8vbGlzdHMueGVucHJvamVjdC5vcmcvbWFpbG1h
bi9saXN0aW5mby9wcmVkaXNjbG9zdXJlLWFwcGxpY2F0aW9ucw==

--===============1344864462516089668==--