[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217



On Thu, 2012-06-28 at 19:30 +0100, Alan Cox wrote:
> 
> > > 8. Predisclosure subscription process, and email address criteria
> 
> Email is not a trustworthy medium. The linux security list  was in the
> past intercepted. 

I think it would be wise to add encryption (and the requirement to
provide a key) to the pre-disclosure list. I wonder if mailman has
per-subscriber encryption capabilities.

If not then we should consider moving this particular list to a list
manager which can. Apparently whatever the linux-distros list uses can
do this (judging from
http://oss-security.openwall.org/wiki/mailing-lists/distros)

Ian.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.