[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-devel] New Email Account for Security

James Harper writes ("RE: [Xen-devel] New Email Account for Security"):
> Is there a reason why this shouldn't just be another mailing list? Or
> maybe I don't understand the purpose...

The purpose is to provide a point of contact for someone who thinks
they have found a security problem (ie, a security bug) in Xen and
would like to contact someone in confidence about it.  A bit like
vendor-sec but Xen-specific.

The list or alias (it doesn't really matter how it's implemented)
needs to have approval on subscriptions so that the confidentiality
can be maintained but the main Xen vendors should have no problem
getting onto it.  Given that, and the smallish size, running it as an
alias seems reasonable.

Just to be clear, it's not a list for general discussion of security
in Xen or possible new security functionality or TPM development or
anything of that kind.  It's just for vulnerability reports.

Reporters who prefer immediate full disclosure, rather than
`responsible disclosure' to a group of vendors, can continue to use
xen-devel.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.