From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ian Campbell <Ian.Campbell@citrix.com>
Subject: Re: [PATCH SECURITY-POLICY 3/9] Deployment with
 Security Team Permission
Date: Mon, 19 Jan 2015 12:35:29 +0000
Message-ID: <1421670929.10440.75.camel@citrix.com>
References: <21689.27383.339939.319567@chiark.greenend.org.uk>
	<1421437941-10997-1-git-send-email-ijackson@chiark.greenend.org.uk>
	<1421437941-10997-3-git-send-email-ijackson@chiark.greenend.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta4.messagelabs.com ([85.158.143.247])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <Ian.Campbell@citrix.com>) id 1YDBYf-0007ow-Nn
	for xen-devel@lists.xenproject.org; Mon, 19 Jan 2015 12:35:53 +0000
In-Reply-To: <1421437941-10997-3-git-send-email-ijackson@chiark.greenend.org.uk>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Ian Jackson <ijackson@chiark.greenend.org.uk>
Cc: lars.kurth.xen@gmail.com, xen-devel@lists.xenproject.org, Ian Jackson <Ian.Jackson@eu.citrix.com>
List-Id: xen-devel@lists.xenproject.org

On Fri, 2015-01-16 at 19:52 +0000, Ian Jackson wrote:
> Permitting deployment during embargo seemed to have rough consensus on
> the principle.  We seemed to be converging on the idea that the
> Security Team should explicitly set deployment restrictions for each
> set of patches.
> 
> Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
> Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
> ---
>  security_vulnerability_process.html |   11 +++++++++++
>  1 file changed, 11 insertions(+)
> 
> diff --git a/security_vulnerability_process.html b/security_vulnerability_process.html
> index 010cf76..de5e83e 100644
> --- a/security_vulnerability_process.html
> +++ b/security_vulnerability_process.html
> @@ -212,6 +212,17 @@ following:</p>
>    <li>The assigned XSA number</li>
>    <li>The planned disclosure date</li>
>  </ul>
> +<p>List members may, if (and only if) the Security Team grants
> +permission, deploy fixed versions during the embargo.  Permission for
> +deployment, and any restrictions, will be stated in the embargoed
> +advisory text.</p>

Do you have a corresponding patch to our advisory template to add a
section with an XXX for this?

> +<p>The Security Team will normally permit such deployment, even for
> +systems where VMs are managed or used by non-members of the
> +predisclosure list.  The Security Team will impose deployment
> +restrictions only insofar as it is necessary to prevent the exposure
> +of technicalities (for example, differences in behaviour) which
> +present a significant risk of rediscovery of the vulnerability.  Such
> +situations are expected to be rare.</p>
>  <p><em>NOTE:</em> Prior v2.2 of this policy (25 June 2014) it was
>  permitted to also make available the allocated CVE number. This is no
>  longer permitted in accordance with MITRE policy.</p>