On Fri, Jan 17, 2014 at 02:43:25PM +0000, Daniel P. Berrange wrote: > Hi Folks, > > After much work I've finally got a formal Libvirt Security Notice (LSN) > setup worked out. > > Every security issue that is reported & confirmed on the libvirt security > mailing list will have a formal LSN prepared. This is a simple XML document > containing metadata & other information about the issue we deem relevant. > Initially this will be private if there is an embargo applied. > > Once the issue is made public, will the LSN notices will be added to the > following public GIT repository: > > http://libvirt.org/git/?p=libvirt-security-notice.git;a=summary > > This GIT repository is used to populate a new public website > > http://security.libvirt.org/ Hat off, very useful idea !!! > Every issue is available in text, html and xml formats eg > > http://security.libvirt.org/2014/0002.txt > http://security.libvirt.org/2014/0002.html > http://security.libvirt.org/2014/0002.xml Nicely done ! > > If anyone backports a fix for a security issue to various -maint branches, > the LSN notice in GIT should be updated with GIT hash of the backports. If > a maint release is created, the tag should also be added to the LSN. > > After countless hours investigation I have populated the repository with > a list of all historical issues in libvirt that I'm aware of. Excellent work, really ! Daniel -- Daniel Veillard | Open Source and Standards, Red Hat veillard@xxxxxxxxxx | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | virtualization library http://libvirt.org/ -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list