[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Coverity + XenProject + Process?

On Thu, Sep 05, 2013 at 10:26:38AM +0100, Ian Campbell wrote:
> On Fri, 2013-08-30 at 11:00 -0400, Konrad Rzeszutek Wilk wrote:
> > Hey
> > 
> > We have a static analyzer setup for Xen called Coverity. It allows
> > the code to be inspected for bugs and such.
> > 
> > Originally I setup this so that we could make sure that there are no
> > bugs that cause security issues - and as such invited only folks
> > on the security Xen mailing list.
> > 
> > But there are other folks who I am sure would like to contribute
> > and as Coverity is pretty amazing at analyzing issues and providing
> > a good idea of how to fix it - was wondering what should be the
> > procedure for involving volunteers for that?
> This conversation and the decision is on going to take a while.
> In the meantime we (security@ or xen-devel@) have received offers of
> help from Matthew Daley, Andrew Cooper and Steven Maresca. All three are
> well known to us and IMHO trustworthy. Matthew and Andrew have been
> involved in both disclosing and helping to resolve multiple security
> issues in the past. I don't think Steven has been involved in security
> disclosure stuff (apologies Steven if I've forgotten) but has none the
> less been active in Xen and with various security related aspects of the
> project.
> Given that I would like to propose that we give all three of them access
> while the policy conversation is on going.

> Any objections? If so then please raise them by the end of business this
> Sunday (8 September).
> Ian.

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.