Xen project Mailing List

[Predisclosure-applications] 答复: Huawei application for pre disclosure list

To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>

From: "Gujiahui Gu(Jiahui)" <gujiahui@xxxxxxxxxx>

Date: Thu, 2 Jul 2015 12:09:57 +0000

Accept-language: zh-CN, en-US

Cc: "predisclosure-applications@xxxxxxxxxxxxxxxxxxxx" <predisclosure-applications@xxxxxxxxxxxxxxxxxxxx>, "Hanweidong \(Randy\)" <hanweidong@xxxxxxxxxx>

Delivery-date: Thu, 02 Jul 2015 12:10:30 +0000

List-id: Applications for membership of Xen Security Advisories Pre-disclosure List <predisclosure-applications.lists.xenproject.org>

Thread-index: AQHQs0BMHqDto2f0ikelTxUpqQ+e9Z3IDzlg

Thread-topic: [Predisclosure-applications] Huawei application for pre disclosure list

Hi, I have send the revised application, please check, thanks. -----邮件原件----- 发件人: Ian Jackson [mailto:Ian.Jackson@xxxxxxxxxxxxx] 发送时间: 2015年6月30日 22:22 收件人: Gujiahui Gu(Jiahui) 抄送: predisclosure-applications@xxxxxxxxxxxxxxxxxxxx; Hanweidong (Randy) 主题: Re: [Predisclosure-applications] Huawei application for pre disclosure list Gujiahui Gu(Jiahui) writes ("[Predisclosure-applications] Huawei application for pre disclosure list"): > Here is the application from Huawei Technologies Co., Ltd. Hi. Thanks. We've considered your application in accordance with the Xen Project Security Policy. I'm afraid there are a couple of things missing: Firstly, the policy requires: * Link(s) to current public web pages, belonging to your organisation, for each of following pieces of information: [...] + Your invitation to members of the public, who discover security problems with your products/services, to report them in confidence to you; + Specifically, the contact information (email addresses or other contact instructions) which such a member of the public should use. We didn't see such a link in your email. Secondly, the policy requires: * A statement to the effect that you have read this policy and agree to abide by the terms for inclusion in the list, specifically the requirements to regarding confidentiality during an embargo period. Likewise, we did not see that in your email. Note that we did not use this link: > The FusionSphere integrates the FusionCompute virtualization > platformand FusionManager cloud management software. UVP (Unified > Virtualization Platform) is a compont of FusionCompute and UVP is an > XEN based hypervisor. ( > http://www-archive.xenproject.org/community/vendors/XenProductsPage.ht > ml > ). This is because the policy requires links to be to `current public web pages, belonging to your organisation'. That link is not current (it is to an old, archived, website) and it is not to your own organisation (it is a Xen Project page). However, the Fusionsphere product information page (to which you provided a link) prominently referred to a `Fusionsphere 3.1 Solution description' PDF which mentions Xen a number of times. So that was sufficient to demonstrate your status as a user/distributor of Xen. We look forward to receiving a revised application from you. Thanks, Ian. _______________________________________________ Predisclosure-applications mailing list Predisclosure-applications@xxxxxxxxxxxxxxxxxxxx http://lists.xenproject.org/cgi-bin/mailman/listinfo/predisclosure-applications

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.