[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Security vulnerability process - confirmed



I can do this, if nobody objects
Lars

-----Original Message-----
From: Ian Jackson [mailto:Ian.Jackson@xxxxxxxxxxxxx] 
Sent: 13 December 2011 15:54
To: Sander Eikelenboom
Cc: security@xxxxxxx; Lars Kurth; xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] Security vulnerability process - confirmed

Sander Eikelenboom writes ("Re: [Xen-devel] Security vulnerability process - 
confirmed"):
> Monday, December 12, 2011, 5:37:46 PM, you wrote:
> >    Public advisories will be posted to xen-devel.
...> 
> >    Copies will also be sent to the pre-disclosure list, unless
> >    the advisory was already sent there previously during the embargo
> >    period and has not been updated since.
> 
> shouldn't this include at least xen-users and xen-announce,

I think the Xen.org security team will be happy to send the messages
to a wider audience.  Lars, can you change this to say:

   Public advisories will be posted to xen-devel, xen-users and
   xen-annnounce.

?

> and perhaps a special read only list for security advisories ?

I think xen-announce will probably do.  It's very low traffic.

Thanks,
Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.