
[Xen-devel] Xen Project Security Whitepaper v1 is ready for community review



Dear Community Members,

Just under 3 months ago, we started a community consultation titled "Xen 
Security Process Consultation: is there a case to change anything?" (see 
https://lists.xenproject.org/archives/html/xen-announce/2018-02/msg00000.html). 
As promised, I would collate the input - together with further analysis trying 
to genuinely consider the implications of what respondents to the consultation 
have been suggesting - in a white paper. The white paper is attached and 
contains

1) Baseline: an analysis of our XSAs and how we dealt with XSAs in the recent 
past
2) Results from the Community Consultation
2.1) Feedback received from a community consultation
2.2) Analysis
3) Recommendations and policy changes - some of it is quite extensive and 
tries to evaluate the impact of policy changes, which would result if we 
implemented solutions to issues highlighted by our users.

The next step is for community members to provide public feedback. If it turns 
out there is a case for changes/improvements, I will condense the output of 
this discussion into a concrete change proposal (or a series thereof) to be 
voted on in the usual way. This may require several iterations. Note that the 
document contains workflow and tools related feedback, which I did not 
anticipate. Some issues highlighted should be easy to fix, others will require 
additional discussion on xen-devel@, such as
* Inconsistent Meta Data and XSA prerequisites
* Git baseline of patches
* Release cycle related (issues)

The document tries to label all discussion items, such that it is easy to 
comment. I normally attach a converted markdown version: however, this is 
unwieldy in this case, because there is a large number of tables and images. 
Thus, I have created a google doc copy which allows anyone with the following 
link 
https://docs.google.com/document/d/1FbGV4ZZB9OU8SI4b9ntnM-l6NaQLND8Yfd9u11V5Q5A/edit?usp=sharing
 to comment on sections of the document. If you do, please make sure you 
identify yourself in the comment and/or also highlight feedback in the e-mail 
thread discussion that will follow this document.  

Please also let us know areas of the whitepaper you agree with, as this will 
make it overall easier to identify how much consensus there would be to address 
specific issues and proposals in the document. Otherwise the discussion will 
primarily focus on points of contention, while other areas where in fact there 
may be consensus, will be missed. If there is little or no feedback (either 
positive or negative), we have to assume that people are happy with the status 
quo and that there is only a weak case for changes. 

Best Regards
Lars



Attachment: Xen Project Security Whitepaper v1.0.pdf
Description: Xen Project Security Whitepaper v1.0.pdf
