[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Security policy ambiguities - XSA-108 process post-mortem

To: "Jan Beulich" <JBeulich@xxxxxxxx>
From: Ian Jackson <ijackson@xxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 10 Nov 2014 17:21:38 +0000
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 10 Nov 2014 17:21:43 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Jan Beulich writes ("Re: [Xen-devel] Security policy ambiguities - XSA-108 
process post-mortem"):
> There's one more thing I thought of btw: When we change the
> policy following whatever community input we gathered (not just
> now, but also in the future), people currently on the pre-disclosure
> list may (at least theoretically) end up no longer qualifying for
> being on the list. Shouldn't we
> - add some kind of statement to the effect of implicit agreement
>   to changed terms,
> - provide means for list members to be removed other than by
>   them asking for it?

Perhaps the right approach is to have a requalification process, where
each member's predisclosure list membership is reviewed periodically.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Prev by Date: Re: [Xen-devel] BUG in xennet_make_frags with paged skb data
Next by Date: Re: [Xen-devel] Security policy ambiguities - XSA-108 process post-mortem
Previous by thread: Re: [Xen-devel] Security policy ambiguities - XSA-108 process post-mortem
Next by thread: Re: [Xen-devel] Security policy ambiguities - XSA-108 process post-mortem
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.