xenbits.xensource.com Git - people/larsk/security-process.git/commit
Tighten, and make more objective, predisclosure list application
author Ian Jackson <ijackson@chiark.greenend.org.uk>
Fri, 16 Jan 2015 19:51:03 +0000 (19:51 +0000)
committer Ian Jackson <Ian.Jackson@eu.citrix.com>
Mon, 19 Jan 2015 17:53:37 +0000 (17:53 +0000)
commit 82ff8908ebed186b314b0159db4b2faad615f47b
tree f2d497a273b878855c68ca4768db6933a11843ce
parent 27cacfedd0171ec0d1c163eeb24000466204e62a
Tighten, and make more objective, predisclosure list application

Applicants should be required to:

  - Provide information on their public web pages which makes
    it clear that and why they are eligible;

  - Specifically, publicly state that and how they are using Xen
    (so that the Security Team can verify eligibility);

  - Provide a way for members of the public to responsibly report
    security problems to the applicant, just as the Xen Project does.

The Security Team should be forbidden from trying to hunt down
eligibility information etc. and should instead be mandated to reject
incomplete requests.

Also remove the "case-by-case-basis" membership exception.  This is
not consistent with the new objective membership application process.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
security_vulnerability_process.html