Lars Kurth
2013-Jun-28 15:12 UTC
Minor Xen project process clarifications (security process, governance process)
Hi everybody, I am going to make two minor clarifications in the next few days. I believe we need no vote for this. Lars 1) http://www.xenproject.org/security-policy.html* 5. Advisory public release:* At the embargo date we will publish the advisory, and push bugfix changesets to public revision control trees. Public advisories will be posted to xen-devel, xen-users and xen-annnounce and will be added to theSecurity Announcements wiki page <http://wiki.xenproject.org/wiki/Security_Announcements>. Copies will also be sent to the pre-disclosure list. Change: replace the link to point to http://xenbits.xen.org/xsa/ (which contains an automatically generated lists of advisories) 2) http://www.xenproject.org/governance.html** Making Contributions Making contributions in Xen follows the conventions as they are known in the Linux Kernel community. In summary contributions are made through patches that are reviewed by the community. Xen does not require community members to sign contribution or committer agreements. We do require contributors to sign contrinbutions using the sign-off feature of the code repository, following the same approach as the Linux Kernel does (seeDeveloper Certificate Of Origin <http://elinux.org/Developer_Certificate_Of_Origin>). Add a sentence, which states that "This means that contributors retain the copyright of their contributions." _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel