From mboxrd@z Thu Jan  1 00:00:00 1970
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Subject: Re: Coverity + XenProject + Process?
Date: Mon, 9 Sep 2013 09:30:23 -0400
Message-ID: <20130909133023.GG21435@phenom.dumpdata.com>
References: <20130830150053.GP21239@phenom.dumpdata.com>
	<1378373198.14745.9.camel@kazak.uk.xensource.com>
	<20130908221339.GA4618@u109add4315675089e695.ant.amazon.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Content-Disposition: inline
In-Reply-To: <20130908221339.GA4618@u109add4315675089e695.ant.amazon.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Matt Wilson <msw@linux.com>
Cc: xen-devel@lists.xensource.com, Ian Campbell <Ian.Campbell@citrix.com>
List-Id: xen-devel@lists.xenproject.org

On Sun, Sep 08, 2013 at 03:13:41PM -0700, Matt Wilson wrote:
> On Thu, Sep 05, 2013 at 10:26:38AM +0100, Ian Campbell wrote:
> > On Fri, 2013-08-30 at 11:00 -0400, Konrad Rzeszutek Wilk wrote:
> > > Hey
> > > 
> > > We have a static analyzer setup for Xen called Coverity. It allows
> > > the code to be inspected for bugs and such.
> > > 
> > > Originally I setup this so that we could make sure that there are no
> > > bugs that cause security issues - and as such invited only folks
> > > on the security Xen mailing list.
> > > 
> > > But there are other folks who I am sure would like to contribute
> > > and as Coverity is pretty amazing at analyzing issues and providing
> > > a good idea of how to fix it - was wondering what should be the
> > > procedure for involving volunteers for that?
> > 
> > This conversation and the decision is on going to take a while.
> > 
> > In the meantime we (security@ or xen-devel@) have received offers of
> > help from Matthew Daley, Andrew Cooper and Steven Maresca. All three are
> > well known to us and IMHO trustworthy. Matthew and Andrew have been
> > involved in both disclosing and helping to resolve multiple security
> > issues in the past. I don't think Steven has been involved in security
> > disclosure stuff (apologies Steven if I've forgotten) but has none the
> > less been active in Xen and with various security related aspects of the
> > project.
> > 
> > Given that I would like to propose that we give all three of them access
> > while the policy conversation is on going.
> > 
> > Any objections? If so then please raise them by the end of business this
> > Sunday (8 September).
> 
> +1

No objections either. +1 for all three!
> 
> --msw