[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Predisclosure-applications] Huawei application for pre disclosure list



Gujiahui Gu(Jiahui) writes ("[Predisclosure-applications] Huawei application 
for pre disclosure list"):
> Here is the application from Huawei Technologies Co., Ltd.

Hi.  Thanks.  We've considered your application in accordance with the
Xen Project Security Policy.

I'm afraid there are a couple of things missing:


Firstly, the policy requires:

  * Link(s) to current public web pages, belonging to your
    organisation, for each of following pieces of information:
    [...]
      + Your invitation to members of the public, who discover
        security problems with your products/services, to report
        them in confidence to you;
      + Specifically, the contact information (email
        addresses or other contact instructions) which such a
        member of the public should use.

We didn't see such a link in your email.


Secondly, the policy requires:

  * A statement to the effect that you have read this policy and agree
    to abide by the terms for inclusion in the list, specifically the
    requirements to regarding confidentiality during an embargo period.

Likewise, we did not see that in your email.


Note that we did not use this link:

> The FusionSphere integrates the FusionCompute virtualization
> platformand FusionManager cloud management software. UVP (Unified
> Virtualization Platform) is a compont of FusionCompute and UVP is an
> XEN based hypervisor. (
> http://www-archive.xenproject.org/community/vendors/XenProductsPage.html
> ).

This is because the policy requires links to be to `current public web
pages, belonging to your organisation'.  That link is not current (it
is to an old, archived, website) and it is not to your own
organisation (it is a Xen Project page).

However, the Fusionsphere product information page (to which you
provided a link) prominently referred to a `Fusionsphere 3.1 Solution
description' PDF which mentions Xen a number of times.  So that was
sufficient to demonstrate your status as a user/distributor of Xen.


We look forward to receiving a revised application from you.

Thanks,
Ian.

_______________________________________________
Predisclosure-applications mailing list
Predisclosure-applications@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/predisclosure-applications


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.