Hello everyone,
I'm Olivier Lambert, project leader for XCP-ng project (https://xcp-ng.org). This project is aimed to deliver a turnkey Open Source virtualization platform. It's currently based on XenServer, and we started to contribute to Xen/XAPI and its ecosystem (and more will come). You can find all the public work done on it here: https://github.com/xcp-ng
Since our first release, we are at about 15k+ unique downloads, and we can assume safely it starts to be used by thousand people and organizations now.
This is why being included in this pre-disclosure list is important for the project: this way, we could be pro-active and deliver patches quickly (note that we deliver patching via a signed RPM repo, a simple `yum update` do the trick for our users).
We already have a dedicated security contact email: security@xxxxxxxxxx so this is the one we'd like to have enabled for this pre-disclosure list.
We (limited people having access to the security inbox) have read this pre-disclosure policy and agree to abide by the terms for inclusion in the list, including the requirements regarding confidentiality during an embargo period.
We also have a
security@xxxxxxxxxx but IDK if it's relevant to have both on the ML. Up to you, I don't mind having just the .org email there.
Let me know if you need anything else for me to be registered there.
Best,
Olivier Lambert