From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ian Campbell <Ian.Campbell@citrix.com>
Subject: Re: Security policy ambiguities - XSA-108 process
 post-mortem
Date: Thu, 9 Oct 2014 17:19:48 +0100
Message-ID: <1412871588.10650.5.camel@citrix.com>
References: <21557.24142.873029.148164@mariner.uk.xensource.com>
	<21557.50031.783473.873273@chiark.greenend.org.uk>
	<A104B0B6-C528-49EA-8460-A333DD1B0587@gmail.com>
	<21558.22370.175292.5524@chiark.greenend.org.uk>
	<CAFLBxZbhmNfaGkYzR9dXB1J2=Vx4qyn=T2NR9Vufu2exy_PW1w@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <Ian.Campbell@citrix.com>) id 1XcGRX-0002pe-DP
	for xen-devel@lists.xenproject.org; Thu, 09 Oct 2014 16:19:55 +0000
In-Reply-To: <CAFLBxZbhmNfaGkYzR9dXB1J2=Vx4qyn=T2NR9Vufu2exy_PW1w@mail.gmail.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: George Dunlap <George.Dunlap@eu.citrix.com>
Cc: Lars Kurth <lars.kurth.xen@gmail.com>, xen-devel <xen-devel@lists.xenproject.org>, Ian Jackson <ijackson@chiark.greenend.org.uk>
List-Id: xen-devel@lists.xenproject.org

T24gVGh1LCAyMDE0LTEwLTA5IGF0IDEyOjI0ICswMTAwLCBHZW9yZ2UgRHVubGFwIHdyb3RlOgo+
IE9uIFRodSwgT2N0IDksIDIwMTQgYXQgMTA6MzcgQU0sIElhbiBKYWNrc29uCj4gPGlqYWNrc29u
QGNoaWFyay5ncmVlbmVuZC5vcmcudWs+IHdyb3RlOgo+ID4gTGFycyBLdXJ0aCB3cml0ZXMgKCJS
ZTogW1hlbi1kZXZlbF0gU2VjdXJpdHkgcG9saWN5IGFtYmlndWl0aWVzIC0gWFNBLTEwOCBwcm9j
ZXNzIHBvc3QtbW9ydGVtIik6Cj4gPj4gT24gOCBPY3QgMjAxNCwgYXQgMTY6MDYsIElhbiBKYWNr
c29uIDxpamFja3NvbkBjaGlhcmsuZ3JlZW5lbmQub3JnLnVrPiB3cm90ZToKPiA+PiA+IE15IHZp
ZXcgaXMgdGhhdCB0aGUgcG9saWN5IHNob3VsZCBiZSBjbGFyaWZpZWQgdG8gcGVybWl0IGRlcGxv
eW1lbnQKPiA+PiA+IGR1cmluZyBlbWJhcmdvLiAgSSBzZWUgbm8gcHJhY3RpY2FsIHJlYXNvbiBm
b3IgcHJldmVudGluZyBpdC4KPiA+Pgo+ID4+IEkgYWdyZWUuIElmIHdlIGRpZG7igJl0IGFsbG93
IGRlcGxveW1lbnQgZHVyaW5nIGFuIGVtYmFyZ28gYSBsb3QgbW9yZQo+ID4+IHVzZXJzIHdvdWxk
IGJlIGF0IHJpc2suCj4gPj4KPiA+PiBIb3dldmVyLCBpbiB0aGlzIGNvbnRleHQgd2UgZG8gbmVl
ZCB0byBsb29rIGF0IGEgbnVtYmVyIG9mIHF1ZXN0aW9uczoKPiA+Pgo+ID4+IGEpIFJpc2sgb2Yg
c29tZW9uZSByZXZlcnNlIGVuZ2luZWVyaW5nIHRoZSB2dWxuZXJhYmlsaXR5IGR1cmluZwo+ID4+
IGRlcGxveW1lbnQuCj4gPgo+ID4gVGhpcyBpcyB3aGF0IG15IGNhdmVhdCBpcyBpbnRlbmRlZCB0
byBhZGRyZXNzLgo+IAo+IFRoYXQncyBub3QgaG93IEkgdW5kZXJzdG9vZCB5b3VyIGNhdmVhdCAo
YXNzdW1pbmcgeW91IG1lYW4KPiAiLi4uUFJPVklERUQgVEhBVCBhbnkgYWN0aW9uIHRha2VuIGJ5
IHRoZSBzZXJ2aWNlIHByb3ZpZGVyIGdpdmVzIG5vCj4gaW5kaWNhdGlvbiAodG8gdGhlaXIgdXNl
cnMgb3IgYW55b25lIGVsc2UpIGFzIHRvIHRoZSBuYXR1cmUgb2YgdGhlCj4gdnVsbmVyYWJpbGl0
eS4iKQo+IAo+IEp1c3QgdG8gYmUgY2xlYXIgd2hhdCBJJ20gdGFsa2luZyBhYm91dCAoYW5kIHdo
YXQgSSB0aGluayBMYXJzIGlzCj4gdGFsa2luZyBhYm91dCk6IFNheSB0aGF0IHRoZXJlIHdhcyBh
IGZpeCB0aGF0IHdhcyBleHBlY3RlZCB0byBoYXZlCj4gbm90aWNlYWJsZSBlZmZlY3RzIG9uIGV4
aXN0aW5nIGZ1bmN0aW9uYWxpdHkgLS0gZm9yIGV4YW1wbGUsIGJyZWFraW5nCj4gY2VydGFpbiAo
b2JzY3VyZSBidXQgb2NjYXNpb25hbGx5IHVzZWQpIGNvbmZpZ3VyYXRpb25zLCBvciBoYXZpbmcg
YQo+IG1lYXN1cmFibGUgcGVyZm9ybWFuY2UgaW1wYWN0IG9uIGNlcnRhaW4gbm90LXVuY29tbW9u
IHdvcmtsb2Fkcy4gIFRoaXMKPiBtaWdodCBjbHVlIHRoZSBhdHRhY2tlciBpbiB0byB3aGF0IGNv
ZGUgdG8gYXVkaXQgdG8gdHJ5IHRvIGZpbmQgdGhlCj4gdnVsbmVyYWJpbGl0eS4KCkkgd2FzIHdv
bmRlcmluZyBhYm91dCB0aGlzIHNvcnQgb2YgdGhpbmcgdG9vLgoKV2UgZG9uJ3Qgd2FudCB0byBs
ZWF2ZSB0aGlzIHVwIHRvIGluZGl2aWR1YWwgbGlzdCBtZW1iZXJzLCBvdGhlcndpc2Ugd2UKYXJl
IGJhY2sgaW4gdGhlIHNpdHVhdGlvbiB3aGVyZSB0d28gbWVtYmVycyByZWFjaCBkaWZmZXJlbnQg
Y29uY2x1c2lvbnMKYW5kIG9uZSBvZiB0aGVtIGVuZHMgdXAgZmVlbGluZyBhZ2dyaWV2ZWQuIFBs
dXMgSSBkb24ndCB0aGluayB3ZSBjYW4KZXhwZWN0IGFsbCBsaXN0IG1lbWJlcnMgdG8gaGF2ZSB0
aGUgdGVjaG5pY2FsIHVuZGVyc3RhbmRpbmcgdG8gbWFrZSB0aGF0CmNhbGwgaW4gdGhlIGZpcnN0
IHBsYWNlLgoKSWFuLgo+IAo+IEZvciBvbmUsIHlvdXIgY2F2ZWF0IGlzIHByZXR0eSBhbWJpZ3Vv
dXM6IG1hbnkgcGVvcGxlIHRvb2sgQW1hem9uJ3MKPiByZWJvb3RpbmcgdG8gbWVhbiB0aGF0IGl0
IHdhcyBhIHJlYWxseSBzZXJpb3VzIHZ1bG5lcmFiaWxpdHkgKGkuZS4sCj4gcHJpdmlsZWdlIGVz
Y2FsYXRpb24pLiAgSW4gdGhpcyBjYXNlIHRoYXQgdHVybmVkIG91dCB0byBiZSB3cm9uZywgYnV0
Cj4gd2hhdCBpdCBpZiAqaGFkKiBiZWVuIGZvciBhIGJ1ZyBsaWtlIFhTQS03PyAgV291bGQgdGhh
dCBjb25zdGl0dXRlCj4gImdpdmluZyBpbmRpY2F0aW9uIGFzIHRvIHRoZSBuYXR1cmUgb2YgdGhl
IHZ1bG5lcmFiaWxpdHkiPwo+IAo+IEZvciB0d28sIEkgd291bGQgaGF2ZSBpbnRlcnByZXRlZCB0
aGlzIGFib3V0IG90aGVyIGFjdGlvbnMgc3Vycm91bmRpbmcKPiB0aGUgZGVwbG95bWVudCwgbm90
IGFjdHVhbGx5IHRoZSBkZXBsb3ltZW50IGl0c2VsZi4KPiAKPiBJIHRoaW5rIHRoYXQgdGhlIHNl
Y3VyaXR5IHRlYW0gc2hvdWxkIGF0dGVtcHQgdG8gZGV0ZXJtaW5lIHdoZXRoZXIKPiBwcmUtZGlz
Y2xvc3VyZSBkZXBsb3ltZW50IG1pZ2h0IGdpdmUgYXdheSB0b28gbXVjaCBpbmZvcm1hdGlvbiwg
YW5kCj4gc3BlY2lmaWNhbGx5IHNheSBpbiBlYWNoIGFkdmlzb3J5IHdoZXRoZXIgZWFybHkgZGVw
bG95bWVudCBpcyBhbGxvd2VkCj4gb3Igbm90LCBwb3RlbnRpYWxseSB3aXRoIHNwZWNpZmljYXRp
b25zIGFib3V0IHdoYXQga2luZCBvZiBkZXBsb3ltZW50cwo+IHdpbGwgYmUgYWxsb3dlZCAoaWYg
bmVjZXNzYXJ5KS4gIE1vc3Qgb2YgdGhlIHRpbWUgdGhpcyB3aWxsIGp1c3QgYmUsCj4gIlJlYm9v
dGluZyBzZXJ2ZXJzIHRvIGRlcGxveSB0aGlzIGZpeCBpcyBhbGxvd2VkIiwgYnV0IGl0IGxlYXZl
cyB0aGUKPiBvcHRpb24gb3BlbiB0byBjaGFuZ2UgaXQgaWYgbmVjZXNzYXJ5Lgo+IAo+ICAtR2Vv
cmdlCj4gCj4gX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18K
PiBYZW4tZGV2ZWwgbWFpbGluZyBsaXN0Cj4gWGVuLWRldmVsQGxpc3RzLnhlbi5vcmcKPiBodHRw
Oi8vbGlzdHMueGVuLm9yZy94ZW4tZGV2ZWwKCgoKX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX18KWGVuLWRldmVsIG1haWxpbmcgbGlzdApYZW4tZGV2ZWxAbGlz
dHMueGVuLm9yZwpodHRwOi8vbGlzdHMueGVuLm9yZy94ZW4tZGV2ZWwK