Re: [PATCH] Document security reporting & handling process

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jun 28, 2013 at 11:45:59AM -0600, Eric Blake wrote:
> On 06/04/2013 09:33 AM, Eric Blake wrote:
> > On 06/04/2013 04:06 AM, Daniel P. Berrange wrote:
> >> From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
> >>
> >> Historically security issues in libvirt have been primarily
> >> triaged & fixed by the Red Hat libvirt members & Red Hat
> >> security team, who then usually notify other vendors via
> >> appropriate channels. There have been a number of times
> >> when vendors have not been properly notified ahead of
> >> announcement. It has also disadvantaged community members
> >> who have to backport fixes to releases for which there are
> >> no current libvirt stable branches.
> >>
> >> To address this, we want to make the libvirt security process
> >> entirely community focused / driven. To this end I have setup
> >> a new email address "libvirt-security@xxxxxxxxxx" for end
> >> users to report bugs which have (possible) security implications.
> 
> >> Document how to report security bugs and the process that
> >> will be used for addressing them.
> >>
> >> Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
> >> ---
> >>  docs/bugs.html.in            |  12 +++++
> >>  docs/contact.html.in         |  12 +++++
> >>  docs/securityprocess.html.in | 113 +++++++++++++++++++++++++++++++++++++++++++
> >>  docs/sitemap.html.in         |   4 ++
> >>  4 files changed, 141 insertions(+)
> >>  create mode 100644 docs/securityprocess.html.in
> 
> Did this ever get pushed?  It should go in before 1.1.0 is released,
> particularly since we have already used this list to discuss
> CVE-2013-2218 (more details on Monday when embargo ends).

  Right, I pushed it !

    thanks !

Daniel

-- 
Daniel Veillard      | Open Source and Standards, Red Hat
veillard@xxxxxxxxxx  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | virtualization library  http://libvirt.org/

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]