[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [Final Community Review] Xen Security Problem Response Process v2



Dear Community Members,

In the last update about the security problem response process changes (http://blog.xen.org/index.php/2012/12/17/security-disclosure-process-discussion-update), we promised a vote in mid-January. Near the end of the window, some additional changes were proposed, and we were somewhat sidetracked with launching Xen as a Linux Foundation Collaborative Project.

As this process impacts many Xen users, we feel that it is prudent to run through a final week of community review (closing on Monday May 20th).

The proposal can be found at
http://www.xenproject.org/component/content/article/85-about-xen/138-xen-security-problem-response-process-v2-proposal.html

Significant changes to the document are:
- Expand eligibility of who can join the predisclosure list
- Clarify definitions of who can join the predisclosure list
- Clarify information that needs to be supplied when joining the predisclosure list
- Change e-mail alias to security@xenproject

Review comments are to be posted in response to this thread (on xen-devel and xen-users). Please do not revisit arguments, which have been made at length in previous discussions. Hopefully, we got this right now and can move forward with a formal vote in the last week of May and get the new process implemented.

Best Regards
Lars


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.