[libvirt] Libvirt Security Notices
Daniel P. Berrange
berrange at redhat.com
Fri Jan 17 14:43:25 UTC 2014
Hi Folks,
After much work I've finally got a formal Libvirt Security Notice (LSN)
setup worked out.
Every security issue that is reported & confirmed on the libvirt security
mailing list will have a formal LSN prepared. This is a simple XML document
containing metadata & other information about the issue we deem relevant.
Initially this will be private if there is an embargo applied.
Once the issue is made public, will the LSN notices will be added to the
following public GIT repository:
http://libvirt.org/git/?p=libvirt-security-notice.git;a=summary
This GIT repository is used to populate a new public website
http://security.libvirt.org/
A plain text rendering of the LSN will also be sent to the mailing
list
libvirt-announce at redhat.com
Every issue is available in text, html and xml formats eg
http://security.libvirt.org/2014/0002.txt
http://security.libvirt.org/2014/0002.html
http://security.libvirt.org/2014/0002.xml
If anyone backports a fix for a security issue to various -maint branches,
the LSN notice in GIT should be updated with GIT hash of the backports. If
a maint release is created, the tag should also be added to the LSN.
After countless hours investigation I have populated the repository with
a list of all historical issues in libvirt that I'm aware of.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list