[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [RFC PATCH] Make Security Policy Doc ready to become a CNA


can we agree on a final URL for the generated docs (the ones generated from SUPPORT.md). That would enable me to send out a new series



From: Lars Kurth <lars.kurth.xen@xxxxxxxxx>
Date: Wednesday, 21 March 2018 at 09:18
To: George Dunlap <George.Dunlap@xxxxxxxxxx>
Cc: Lars Kurth <lars.kurth@xxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "committers@xxxxxxxxxxxxxx" <committers@xxxxxxxxxxxxxx>, "security@xxxxxxxxxxxxxx" <security@xxxxxxxxxxxxxx>
Subject: Re: [RFC PATCH] Make Security Policy Doc ready to become a CNA



On 20 Mar 2018, at 17:38, George Dunlap <george.dunlap@xxxxxxxxxx> wrote:


On 03/19/2018 04:37 PM, Lars Kurth wrote:

And this time with patch: note to myself - never try sendmail with --compose again (-;

This patch contains a proposal to change
such that it points to SUPPORT.md. Having scope and process information is necessary
to become a CNA. This is the last piece, before formally asking to become a CNA.

To make the review of this easier, I based it on xenbits:/larsk/governance.git
(contains the pandoc as published today and the html)

[PATCH] Make Security Policy Doc ready to become a CNA

To become a CNA, we need to more clearly specifiy the scope of
security support. This change updates the document and points
to SUPPORT.md and pages generated from SUPPORT.md

Expected changes:
- Resend once the URL that is currently open has been agreed
 with Ian Jackson

Signed-off-by: Lars Kurth <
security-policy.pandoc | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/security-policy.pandoc b/security-policy.pandoc
index 5783183..22e274b 100644
--- a/security-policy.pandoc
+++ b/security-policy.pandoc
@@ -19,6 +19,14 @@ Scope of this process

This process primarily covers the [Xen Hypervisor
+Specific information about features with security support can be found in
+1.  [SUPPORT.md](
+    in the releases' tar ball and its xen.git tree and on
+    [web pages generated from the SUPPORT.md file](add URL)

Not sure we should include the direct (ugly) link.  Other than that
looks OK to me.


No strong opinion either way. There is no real harm in having it and it's just a link on the final document


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.