Re: [Xen-devel] Security policy ambiguities - XSA-108 process post-mortem
On 10 Oct 2014, at 16:47, Jan Beulich <jbeulich@xxxxxxxx> wrote:

> >>> Predisclosure list membership
>
> This whole final section I completely agree with.
>
> There's one more thing I thought of btw: When we change the
> policy following whatever community input we gathered (not just
> now, but also in the future), people currently on the pre-disclosure
> list may (at least theoretically) end up no longer qualifying for
> being on the list. Shouldn't we
> - add some kind of statement to the effect of implicit agreement
>   to changed terms,
> - provide means for list members to be removed other than by
>   them asking for it?
>
> Jan

I also was wondering whether it would make sense to put a time-limit on applications. For example, we could say that processing an application will take 2 weeks. By doing so, we avoid having to handle applications as a response to media speculation.

If we get an application wrong, and allow somebody wrong on the list who then discloses information related to an embargo, we would create risks for others already on the list. This would be the worst possible outcome for the project.

Just a thought

Regards
Lars

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel