]>
xenbits.xensource.com Git - people/iwj/security-process.git/log
summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Ian Campbell [Thu, 16 Aug 2012 14:45:06 +0000 (15:45 +0100)]
Discuss post-embargo disclosure of potentially controversial private decisions
See <20448.49637.38489.246434@mariner.uk.xensource.com>, section
"11. Transparency"
Ian Campbell [Thu, 16 Aug 2012 14:27:00 +0000 (15:27 +0100)]
Clarify the scope of the process to just the hypervisor project
Other projects are handled on a best effort basis by the project lead
with the assistance of the security team.
See <20448.49637.38489.246434@mariner.uk.xensource.com>, section
"9. Vulnerability process scope"
Ian Campbell [Thu, 16 Aug 2012 14:11:18 +0000 (15:11 +0100)]
Clarifications to predisclosure list subscription instructions
Specially:
* Mention that subscriptions via the webterface do not work / are
not honoured.
* Mention the preference for role addresses only.
See <20448.49637.38489.246434@mariner.uk.xensource.com>, section
"8. Predisclosure subscription process, and email address
criteria"
Ian Campbell [Thu, 16 Aug 2012 14:04:43 +0000 (15:04 +0100)]
Clarify what info predisclosure list members may share during an
embargo
See <20448.49637.38489.246434@mariner.uk.xensource.com>, section
"7. Public communications during the embargo period"
Ian Campbell [Thu, 16 Aug 2012 14:04:06 +0000 (15:04 +0100)]
Baseline version.
Downloaded from
http://www.xen.org/projects/security_vulnerability_process.html
at Thu Aug 16 15:04:25 BST 2012
projects / people / iwj / security-process.git / log