Lars Kurth
2013-May-10 16:11 UTC
[Final Community Review] Xen Security Problem Response Process v2
Dear Community Members,

In the last update about the security problem response process changes (http://blog.xen.org/index.php/2012/12/17/security-disclosure-process-discussion-update), we promised a vote in mid-January. Near the end of the window, some additional changes were proposed, and we were somewhat sidetracked with launching Xen as a Linux Foundation Collaborative Project.

As this process impacts many Xen users, we feel that it is prudent to run through a final week of community review (closing on Monday May 20th). The proposal can be found at http://www.xenproject.org/component/content/article/85-about-xen/138-xen-security-problem-response-process-v2-proposal.html

Significant changes to the document are:

- Expand eligibility of who can join the predisclosure list
- Clarify definitions of who can join the predisclosure list
- Clarify information that needs to be supplied when joining the predisclosure list
- Change e-mail alias to security@xenproject

Review comments are to be posted in response to this thread (on xen-devel and xen-users). Please do not revisit arguments, which have been made at length in previous discussions. Hopefully, we got this right now and can move forward with a formal vote in the last week of May and get the new process implemented.

Best Regards
Lars