Re: [Xen-devel] Security policy ambiguities - XSA-108 process post-mortem
Matt Wilson writes ("Re: [Xen-devel] Security policy ambiguities - XSA-108 process post-mortem"):
> On this point in particular, back in 2012 [1] I suggested that all
> membership requests should be discussed in public on a community email
> list like xen-devel, or another email list to avoid noise. The Xen
> Project Security Team shouldn't have to evaluate petitions for
> membership while managing an embargoed issue. I brought this up again
> in 2013 [2] regarding the Coverity process.

I agree that publishing applications, and the team's responses, would
be a jolly good idea.

I am 100% opposed, though, to any kind of non-objective `community
consensus' process. Such a system would (a) be unworkable in
practice, because no-one really cares about this kind of tedious
makework, and (b) at serious risk of favouritism (or its opposite).

> This process works quite well for the distros email list, where
> requests for membership requests are discussed on oss-security (a
> public list). [...]

I don't want to criticise another community's process, but I strongly
feel that our arrangements should have broad eligibility based on
objective criteria.

Ian.