[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-API] Minor Xen project process clarifications (security process, governance process)

Hi everybody,
I am going to make two minor clarifications in the next few days. I believe we need no vote for this.

1) http://www.xenproject.org/security-policy.html

5. Advisory public release:

At the embargo date we will publish the advisory, and push bugfix changesets to public revision control trees. Public advisories will be posted to xen-devel, xen-users and xen-annnounce and will be added to the Security Announcements wiki page. Copies will also be sent to the pre-disclosure list.

Change: replace the link to point to http://xenbits.xen.org/xsa/ (which contains an automatically generated lists of advisories)

2) http://www.xenproject.org/governance.html

Making Contributions

Making contributions in Xen follows the conventions as they are known in the Linux Kernel community. In summary contributions are made through patches that are reviewed by the community. Xen does not require community members to sign contribution or committer agreements. We do require contributors to sign contrinbutions using the sign-off feature of the code repository, following the same approach as the Linux Kernel does (see Developer Certificate Of Origin).

Add a sentence, which states that "This means that contributors retain the copyright of their contributions."

Xen-api mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.