Re: [Xen-devel] RFC v2: Scope of Vulnerabilities for which XSAs are issued
>>> On 15.02.17 at 17:37, <george.dunlap@xxxxxxxxxx> wrote:
> On 15/02/17 09:44, Jan Beulich wrote:
>>>>> On 14.02.17 at 18:25, <george.dunlap@xxxxxxxxxx> wrote:
>>> 4. The security team will only issue an advisory if there is a known
>>> combination of software in which the vulnerability can be exploited.
>>
>> Considering the following text, perhaps "may" would end up a little
>> less strict here than "can"? Or add "possibly"? Everything else looks
>> good to me now, fwiw.
>
> I understand your concern, I think: There are lots of situations that
> won't be black-and-white (because of lack of knowledge), and this makes
> it sound like we won't issue an advisory for any gray areas.
>
> I don't think in this context "can" and "may" have significantly
> different meanings in English.
>
> How about:
>
> 4. The security team will only issue an advisory if there is a known
> combination of software in which the vulnerability can be exploited, or
> a significant risk that such a combination exists.

That sounds fine.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel