Re: [Xen-devel] Security policy ambiguities - XSA-108 process post-mortem

[Ian Jackson <ijackson@xxxxxxxxxxxxxxxxxxxxxx>]

Lars Kurth writes ("Re: [Xen-devel] Security policy ambiguities - XSA-108 
process post-mortem"):
> I also was wondering whether it would make sense to put a time-limit
> on applications. For example, we could say that processing an
> application will take 2 weeks. By doing so, we avoid having to
> handle applications as a response to media speculation. If we get an
> application wrong, and allow somebody wrong on the list who then
> discloses information related to an embargo, we would create risks
> for others already on the list. This would be the worst possible
> outcome for the project. Just a thought

I can see that this is attractive, but on the other hand I think it
was very useful to the Xen community as a whole, that members were
able to join /during/ the last furore.  I think having an artificial
delay would generate ill-feeling.

Since IMO there should be clear objective criteria, these applications
should be routine, and we shouldn't have too much trouble with them.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel