|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Security policy ambiguities - XSA-108 process post-mortem
On Mon, Nov 03, 2014 at 11:37:23AM +0000, George Dunlap wrote: > On Fri, Oct 31, 2014 at 10:40 PM, Matt Wilson <msw@xxxxxxxxx> wrote: [...] > > There's been a bit of talk about "delay" and so on. I'd rather not set > > expectations on how long the processing a petition to be added to the > > predisclosure list should take. Building community consensus takes > > time, just as it does for other activities like getting a patch > > applied. I don't think that this process needs to be different. > > We might remove some of the (potential) pressure to rush things by > saying that once approved, new members will not receive information > about *currently embargoed* disclosures, but only about *future* > disclosures. > > I.e., the rush of people for XSA-108 wouldn't be in a rush because (by > policy) they wouldn't have been eligible to receive XSA-108 anyway. > > But perhaps that would be too unpopular to actually implement... The decision making mechanics aside, that makes sense to me. --msw _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |