Xen project Mailing List

Re: [Predisclosure-applications] Application for NetBSD

To: Christos Zoulas <christos@xxxxxxxxxx>, <predisclosure-applications@xxxxxxxxxxxxxxxxxxxx>

From: Ian Campbell <ian.campbell@xxxxxxxxxx>

Date: Fri, 11 Dec 2015 09:59:27 +0000

Cc: security-alert@xxxxxxxxxx, security-officer@xxxxxxxxxx

Delivery-date: Fri, 11 Dec 2015 10:00:45 +0000

List-id: Applications for membership of Xen Security Advisories Pre-disclosure List <predisclosure-applications.lists.xenproject.org>

On Wed, 2015-12-09 at 12:39 -0500, Christos Zoulas wrote: Than you, this all appears to be in order. I have subscribed security-alert @netbsd.orgÂto the lists and will send copies of the currently embargoed issues XSA-155, -157, -164, -165 and -166 to that alias. http://xenbits.xen.org/xsa/Âhas an overview of the (public) information about all XSAs. Cheers, Ian. > Hello, > > Appended are the answers to your questions from: > > http://www.xenproject.org/security-policy.html > > Please consider including us in your pre-disclosure emails. > > Best Regards, > > Christos Zoulas, Secretary > > ----------------------------------------------------------------------- > ---- > > - The name of your organization > > ÂÂÂÂThe NetBSD Foundation, LLC. > > - Domain name(s) which you use to provide Xen software/services > > ÂÂÂÂNetBSD.org > > - A brief description of why you fit the criteria > > ÂÂÂÂ1. NetBSD was one of the first Open Source operating systems ported > ÂÂÂÂÂÂÂto XEN. We offer both dom0 and domU support, and we have been > ÂÂÂÂÂÂÂdoing that for many years > ÂÂÂÂ2. pkgsrc is the portable third party software packaging system > ÂÂÂÂÂÂÂused by NetBSD and others to manage third-party software, > ÂÂÂÂÂÂÂincluding Xen. It is available on 23 different platforms > > - If not all of your products/services use Xen, a list of (some of) > Â your products/services (or categories thereof) which do. > > ÂÂÂÂN/A, The NetBSD Operating System. The pkgsrc third-party packaging > system > > - Link(s) to current public web pages, belonging to your organisation, > Â for each of following pieces of information: > > ÂÂÂÂhttp://www.netbsd.org/ > ÂÂÂÂhttp://www.pkgsrc.org/ > > ÂÂÂÂo Evidence of your status as a service/software provider: > > ÂÂÂÂÂÂÂÂ* If you are a public hosting provider, your public rates or > ÂÂÂÂÂÂÂÂÂÂhow to get a quote > > ÂÂÂÂÂÂÂÂÂÂÂÂN/A > > ÂÂÂÂÂÂÂÂ* If you are a software provider, how your software can be > ÂÂÂÂÂÂÂÂÂÂdownloaded or purchased > > ÂÂÂÂÂÂÂÂÂÂÂÂftp://ftp.netbsd.orig/pub/NetBSD/ > ÂÂÂÂÂÂÂÂÂÂÂÂhttp://ftp.netbsd.org/pub/NetBSD/ > > ÂÂÂÂÂÂÂÂ* If you are an open-source project, a mailing list archive > and/or > ÂÂÂÂÂÂÂÂÂÂversion control repository, with active development > > ÂÂÂÂÂÂÂÂÂÂÂÂanoncvs@xxxxxxxxxxxxxxxxxx:/cvsroot > ÂÂÂÂÂÂÂÂÂÂÂÂhttp://mail-index.netbsd.org > > ÂÂÂÂo Evidence of your status as a user/distributor of Xen: > > ÂÂÂÂÂÂÂÂ* Statements about, or descriptions of, your eligible production > ÂÂÂÂÂÂÂÂÂÂservices or released software, from which it is immediately > ÂÂÂÂÂÂÂÂÂÂevident that they use Xen. > > ÂÂÂÂÂÂÂÂÂÂÂÂhttp://wiki.netbsd.org/ports/xen/ > > ÂÂÂÂo Information about your handling of security problems: > > ÂÂÂÂÂÂÂÂ* Your invitation to members of the public, who discover security > ÂÂÂÂÂÂÂÂÂÂproblems with your products/services, to report them in > confidence > ÂÂÂÂÂÂÂÂÂÂto you; > > ÂÂÂÂÂÂÂÂÂÂÂÂhttp://www.netbsd.org/support/security/ > > ÂÂÂÂÂÂÂÂ* Specifically, the contact information (email addresses or other > ÂÂÂÂÂÂÂÂÂÂcontact instructions) which such a member of the public should > use. > > ÂÂÂÂÂÂÂÂÂÂÂÂsecurity-alert@xxxxxxxxxx > > ÂÂÂÂBlog postings, conference presentations, social media pages, Flash > ÂÂÂÂpresentations, videos, sites which require registration, anything > ÂÂÂÂpassword-protected, etc., are not acceptable. PDFs of reasonable > ÂÂÂÂsize are acceptable so long as the URL you provide is of a ordinary > ÂÂÂÂHTML page providing a link to the PDF. > > ÂÂÂÂÂÂÂÂN/A > > ÂÂÂÂIf the pages are long and/or PDFs are involved, your email should say > ÂÂÂÂwhich part of the pages and documents are relevant. > > ÂÂÂÂÂÂÂÂN/A > > - A statement to the effect that you have read this policy and agree to > Â abide by the terms for inclusion in the list, specifically the > requirements > Â to regarding confidentiality during an embargo period > > ÂÂÂÂI have read the security policy and I will abide by the terms > ÂÂÂÂfor inclusion in the list, specifically the requirements > ÂÂÂÂregarding confidentiality during an embargo period > > - The single (non-personal) email alias you wish added to the > predisclosure > Â list. > > ÂÂÂÂsecurity-alert@xxxxxxxxxx > > _______________________________________________ > Predisclosure-applications mailing list > Predisclosure-applications@xxxxxxxxxxxxxxxxxxxx > http://lists.xenproject.org/cgi-bin/mailman/listinfo/predisclosure-applic > ations _______________________________________________ Predisclosure-applications mailing list Predisclosure-applications@xxxxxxxxxxxxxxxxxxxx http://lists.xenproject.org/cgi-bin/mailman/listinfo/predisclosure-applications

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.