<p>Computer systems have bugs. Currently recognised best practice for bugs with security implications is to notify significant downstream users in private; leave a reasonable interval for downstreams to respond and prepare updated software packages; then make public disclosure.</p>
<p>We want to encourage people to report bugs they find to us. Therefore we will treat with respect the requests of discoverers, or other vendors, who report problems to us.</p>
<h2 id="scope-of-this-process">Scope of this process</h2>
-<p>This process primarily covers the <a href="index.php?option=com_content&view=article&id=82:xen-hypervisor&catid=80:developers&Itemid=484">Xen Hypervisor Project</a>. Vulnerabilties reported against other Xen Project teams will be handled on a best effort basis by the relevant Project Lead together with the Security Response Team.</p>
+<p>This process primarily covers the <a href="index.php?option=com_content&view=article&id=82:xen-hypervisor&catid=80:developers&Itemid=484">Xen Hypervisor Project</a>. Specific information about features with security support can be found in</p>
+<ol style="list-style-type: decimal">
+ <li><a href="http://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=SUPPORT.md">SUPPORT.md</a> in the releases' tar ball and its xen.git tree and on <a href="https://xenbits.xen.org/docs/unstable/support-matrix.html">web pages generated from the SUPPORT.md file</a></li>
+ <li>For releases that do not contain SUPPORT.md, this information can be found on the <a href="https://wiki.xenproject.org/wiki/Xen_Project_Release_Features">Release Feature wiki page</a></li>
+</ol>
+<p>Vulnerabilities reported against other Xen Project teams will be handled on a best effort basis by the relevant Project Lead together with the Security Response Team.</p>
<h2 id="specific-process">Specific process</h2>
<ol style="list-style-type: decimal">
<li>
<h2 id="change-history">Change History</h2>
<div class="box-note">
<ul>
+ <li><strong>v3.18 April 27th 2018:</strong> Added reference to SUPPORT.md</li>
<li><strong>v3.17 July 20th 2017:</strong> Added Zynstra</li>
<li><strong>v3.16 April 21st 2017:</strong> Added HostPapa</li>
<li><strong>v3.15 March 21st 2017:</strong> Added CloudVPS (Feb 13) and BitDefender SRL (March 21) to the predisclosure list</li>
This process primarily covers the [Xen Hypervisor
Project](index.php?option=com_content&view=article&id=82:xen-hypervisor&catid=80:developers&Itemid=484).
-Vulnerabilties reported against other Xen Project teams will be handled on a
+Specific information about features with security support can be found in
+
+1. [SUPPORT.md](http://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=SUPPORT.md)
+ in the releases' tar ball and its xen.git tree and on
+ [web pages generated from the SUPPORT.md file](https://xenbits.xen.org/docs/unstable/support-matrix.html)
+2. For releases that do not contain SUPPORT.md, this information can be found
+ on the [Release Feature wiki page](https://wiki.xenproject.org/wiki/Xen_Project_Release_Features)
+
+Vulnerabilities reported against other Xen Project teams will be handled on a
best effort basis by the relevant Project Lead together with the Security
Response Team.
--------------
<div class="box-note">
-
+- **v3.18 April 27th 2018:** Added reference to SUPPORT.md
- **v3.17 July 20th 2017:** Added Zynstra
- **v3.16 April 21st 2017:** Added HostPapa
- **v3.15 March 21st 2017:** Added CloudVPS (Feb 13) and BitDefender SRL
projects / people / larsk / governance.git / commitdiff