|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Predisclosure-applications] Gentoo pre-disclosure application
Hi,
I'd like to request the inclusion of Gentoo Linux on the pre-disclosure
list.
Gentoo Linux (gentoo.org) is a source-based Linux distribution. We
distribute Xen in our main package repository.
Evidence of active development can be seen on our mailing lists at
http://archives.gentoo.org/
as well as our repositories at
http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/.
Our Xen packages can be found under
http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/app-emulation/xen/.
This should also serve as evidence that we do distribute Xen.
Security issues are handled by the Gentoo Security Project:
http://www.gentoo.org/security/en/
Handling of confidential issues is described under "3. Security Team
contact information". For details regarding our internal handling of
confidential issues also see [1] and [2].
We have read and agree with the terms of the Xen Security Problem
Response Process and will not disclose any information or updated
packages during an embargo period.
Please use package-security-xen@xxxxxxxxxx for the pre-disclosure list.
This is an alias available only to members of the Gentoo Security
Project and the Xen package maintainers. The security team will make
sure that new Xen maintainers understand the policy before they are
added to the alias.
Thank you for your consideration,
Tobias Heinlein
Gentoo Security
[1]
https://wiki.gentoo.org/wiki/Project:Security/GLSA_Coordinator_Guide#Confidential_vulnerability_bug_management
[2] http://www.gentoo.org/security/en/vulnerability-policy.xml
_______________________________________________
Predisclosure-applications mailing list
Predisclosure-applications@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/predisclosure-applications
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |