
Re: Usage of Xen Security Data in VulnerableCode


  • To: Tushar Goel <tushar.goel.dav@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Tue, 10 Jan 2023 13:45:42 +0000
  • Accept-language: en-GB, en-US
  • Cc: Xen Security <security@xxxxxxx>
  • Delivery-date: Tue, 10 Jan 2023 13:46:00 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-topic: Usage of Xen Security Data in VulnerableCode

On 10/01/2023 1:33 pm, Tushar Goel wrote:
> Hey,
>
> We would like to integrate the xen security data[1][2]
> in vulnerablecode[3] which is a FOSS db of FOSS vulnerability data.
> We were not able to know under which license this security data comes.
> We would be grateful to have your acknowledgement over
> usage of the xen security data in vulnerablecode and
> have some kind of licensing declaration from your side.
>
> [1] - https://xenbits.xen.org/xsa/xsa.json
> [2] - https://github.com/nexB/vulnerablecode/pull/1044
> [3] - https://github.com/nexB/vulnerablecode

Hmm, good question...

In practice, it is public domain, not least because we publish it to
Mitre and various public mailing lists, but I'm not aware of having
explicitly tried to choose a license.

Maybe we want to make it CC-BY-4 to require people to reference back to
the canonical upstream?

~Andrew

 

