[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH] Minor security policy text changes to avoid ambiguity
See http://xenbits.xen.org/gitweb/?p=people/larsk/governance.git;a=summary for the repository. Signed-off-by: Lars Kurth <lars.kurth@xxxxxxxxxx> CC: committers@xxxxxxxxxxxxxx --- security-policy.pandoc | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/security-policy.pandoc b/security-policy.pandoc index 8e07384..74d0d8b 100644 --- a/security-policy.pandoc +++ b/security-policy.pandoc @@ -214,8 +214,9 @@ List members are allowed to make available to their users only the following: - The planned disclosure date List members may, if (and only if) the Security Team grants permission, deploy -fixed versions during the embargo. Permission for deployment, and any -restrictions, will be stated in the embargoed advisory text. +fixed versions to their own public facing service during the embargo. Permission +for deployment, and any restrictions, will be stated in the embargoed advisory +text. The Security Team will normally permit such deployment, even for systems where VMs are managed or used by non-members of the predisclosure list. The Security @@ -232,6 +233,9 @@ information about the issue (as listed above). This applies whether the deployment occurs during the embargo (with permission - see above) or is planned for after the end of the embargo. +NB: Distribution of updated software is prohibited (except to other members of +the predisclosure list). + *NOTE:* Prior v2.2 of this policy (25 June 2014) it was permitted to also make available the allocated CVE number. This is no longer permitted in accordance with MITRE policy.[]() @@ -408,6 +412,7 @@ Change History {#changelog} -------------- <div class="box-note"> +- **v3.22 March 1st 2019:** Minor policy text clarifications - **v3.21 Nov 19th 2018:** Added XCP-ng.org - **v3.20 June 14th 2018:** Added Star Lab - **v3.19 May 9th 2018:** Remove Google and Xen 3.4 stable tree maintainer -- 2.13.0 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |