
Re: [PATCH RFC] SUPPORT.md: Make all security support explicit


  • To: George Dunlap <george.dunlap@xxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 2 May 2023 13:19:32 +0200
  • Cc: Wei Liu <wl@xxxxxxx>, Andrew Cooper <andrew.cooper@xxxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Tue, 02 May 2023 11:19:37 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 28.04.2023 10:12, George Dunlap wrote:
> --- a/SUPPORT.md
> +++ b/SUPPORT.md
> @@ -17,6 +17,36 @@ for the definitions of the support status levels etc.
>  Release Notes
>  : <a 
> href="https://wiki.xenproject.org/wiki/Xen_Project_X.YY_Release_Notes";>RN</a>
>  
> +# General security support
> +
> +An XSA will always be issued for security-related bugs which are
> +present in a "plain vanilla" configuration.  A "plain vanilla"
> +configuration is defined as follows:
> +
> +* The Xen hypervisor is built from a tagged release of Xen, or a
> +  commit which was on the tip of one of the supported stable branches.
> +
> +* The Xen hypervisor was built with the default config for the platform
> +
> +* No Xen command-line parameters were specified
> +
> +* No parameters for Xen-related drivers in the Linux kernel were specified
> +
> +* No modifications were made to the default xl.conf
> +
> +* xl.cfg files use only core functionality
> +
> +* Alternate toolstacks only activate functionality activated by the
> +  core functionality of xl.cfg files.
> +
> +Any system outside this configuration will only be considered security
> +supported if the functionality is explicitly listed as supported in
> +this document.
> +
> +If a security-related bug exits only in a configuration listed as not
> +security supported, the security team will generally not issue an XSA;
> +the bug will simply be handled in public.
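
Review bot: The bullets "xl.cfg files use only core functionality" and "Alternate toolstacks only activate functionality activated by the core functionality of xl.cfg files" depend on the term "core functionality", which the added section never defines, so a reader cannot check whether a given guest configuration is inside the "plain vanilla" boundary; enumerate the options meant or point to where they are defined. In the last added paragraph, "exits" should be "exists". The two closing paragraphs also leave one case open: functionality outside the vanilla configuration that is listed neither as supported nor as not security supported is not security supported under the first paragraph, but the second only says no XSA is issued for configurations "listed as not security supported"; say explicitly how a bug in unlisted functionality is handled.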

In this last paragraph, did you perhaps mean "not listed as security
supported"? Otherwise we wouldn't improve our situation, unless I'm
misunderstanding and word order doesn't matter here in English. In which
case some unambiguous wording would need to be found.

Jan



 

