[libvirt] [PATCH] Document security reporting & handling process
Eric Blake
eblake at redhat.com
Fri Jun 28 17:45:59 UTC 2013
On 06/04/2013 09:33 AM, Eric Blake wrote:
> On 06/04/2013 04:06 AM, Daniel P. Berrange wrote:
>> From: "Daniel P. Berrange" <berrange at redhat.com>
>>
>> Historically security issues in libvirt have been primarily
>> triaged & fixed by the Red Hat libvirt members & Red Hat
>> security team, who then usually notify other vendors via
>> appropriate channels. There have been a number of times
>> when vendors have not been properly notified ahead of
>> announcement. It has also disadvantaged community members
>> who have to backport fixes to releases for which there are
>> no current libvirt stable branches.
>>
>> To address this, we want to make the libvirt security process
>> entirely community focused / driven. To this end I have setup
>> a new email address "libvirt-security at redhat.com" for end
>> users to report bugs which have (possible) security implications.
>> Document how to report security bugs and the process that
>> will be used for addressing them.
>>
>> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
>> ---
>> docs/bugs.html.in | 12 +++++
>> docs/contact.html.in | 12 +++++
>> docs/securityprocess.html.in | 113 +++++++++++++++++++++++++++++++++++++++++++
>> docs/sitemap.html.in | 4 ++
>> 4 files changed, 141 insertions(+)
>> create mode 100644 docs/securityprocess.html.in
Did this ever get pushed? It should go in before 1.1.0 is released,
particularly since we have already used this list to discuss
CVE-2013-2218 (more details on Monday when embargo ends).
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 621 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20130628/3e57e6be/attachment-0001.sig>
More information about the libvir-list
mailing list