Xen project Mailing List

Re: [Predisclosure-applications] Predisclosure list application

To: Ian Campbell <ijc@xxxxxxx>

From: "James A. T. Rice" <james@xxxxxxxxxxx>

Date: Mon, 18 May 2015 11:51:23 +0100

Cc: predisclosure-applications@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Mon, 18 May 2015 11:38:01 +0000

List-id: Applications for membership of Xen Security Advisories Pre-disclosure List <predisclosure-applications.lists.xenproject.org>

Hi Ian, Ah, jump-admins@ is Jump Networks Ltd staff, rather than admins of customers, which I see now it might have appeared to have been. There are three people on that list (myself, Nick Waterman, and Hannah Gordon-Smith). As I'm sure you've guessed, the obfuscation on the contact page is purely to dissuade spam, I fully expect spammers implement basic de-obfuscation into their crawlers, so was trying to use something slightly different to common obfuscation. Anyway, I've updated the page to a more familiar format now. Thanks James On 18 May 2015, at 10:28, Ian Campbell <ijc@xxxxxxx> wrote: > Hi James, > > Thank you, your application is largely fine, we have just one issue: > > Please could you clarify the scope of your jump-admins@ alias. It is > intended that predisclosures go to a small team dedicated to handling > incoming security issues, rather than a large team of system > administrators. We would prefer a dedicated security@ or some such. > > It doesn't affect your application but several members of the Xen > security team found your http://www.jump.net.uk/contact page unclear, in > particular "please open a ticket with us at support <at> , highly > confidential reports can be sent to directors <at>.". Adding the > specific domain or perhaps some alternative formatting for the hint > towards the email address to use (e.g. some <tt> tags) might be > beneficial. > > Thanks, > > Ian. > > On Wed, 2015-05-13 at 15:09 +0100, James A. T. Rice wrote: >> Hi, >> >> I'm from Jump Networks Ltd, we offer VPS services using Xen to >> customers as per http://www.jump.net.uk/vps , so believe we fit the >> criteria for inclusion to the predisclosure list. Invitation to >> report security issues to us is at http://www.jump.net.uk/contact . >> Your policy and terms for inclusion onto the list has been read and >> accepted. We'd like jump-admins@xxxxxxxxxxx to be added to the list. >> >> Thanks >> James Rice >> Director >> Jump Networks Ltd >> _______________________________________________ >> Predisclosure-applications mailing list >> Predisclosure-applications@xxxxxxxxxxxxxxxxxxxx >> http://lists.xenproject.org/cgi-bin/mailman/listinfo/predisclosure-applications > >

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________ Predisclosure-applications mailing list Predisclosure-applications@xxxxxxxxxxxxxxxxxxxx http://lists.xenproject.org/cgi-bin/mailman/listinfo/predisclosure-applications

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.