From mboxrd@z Thu Jan 1 00:00:00 1970
From: Konrad Rzeszutek Wilk
Subject: Re: [Formal Vote] Changes to Xen Project Security Vulnerability Process - Open until June 8th, 2015
Date: Mon, 1 Jun 2015 13:59:53 -0400
Message-ID: <20150601175953.GJ13347@x230>
References: <35D18A2F-7B4B-47B8-B673-4C049D19344A@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
In-Reply-To: <35D18A2F-7B4B-47B8-B673-4C049D19344A@gmail.com>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Lars Kurth
Cc: keir Fraser, Ian Campbell, Tim Deegan, Ian Jackson, Major Hayden, "", security@xenproject.org
List-Id: xen-devel@lists.xenproject.org

On Mon, Jun 01, 2015 at 10:36:25AM +0100, Lars Kurth wrote:
> Hi,
>
> in accordance with the project's governance, I would like to put the following text changes to a committer vote (committers are on the TO list). The discussion leading to the changes can be found at http://lists.xenproject.org/archives/html/xen-devel/2015-05/msg02881.html
>
> Please vote +1, 0, -1 with explanation as usual. You can reply publicly or in private and I will collate results on the 9th.

+1

>
> Regards
> Lars
>
> Old text in http://www.xenproject.org/security-policy.html
> ---
> Specific process
> ...
> 4. Advisory pre-release:
>
> This occurs only if the advisory is embargoed (ie, the problem is not already public):
>
> As soon as our advisory is available, we will send it, including patches, to members of the Xen security pre-disclosure list.
>
> For more information about this list, see below. At this stage the advisory will be clearly marked with the embargo date.
> ---
>
> Proposed text (this adds an additional paragraph, while leaving the existing text as-is):
> ---
> Specific process
> ...
> 4. Advisory pre-release:
>
> This occurs only if the advisory is embargoed (ie, the problem is not already public):
>
> As soon as our advisory is available, we will send it, including patches, to members of the Xen security pre-disclosure list.
>
> In the event that we do not have a patch available two working weeks before the disclosure date, we aim to send an advisory that reflects the current state of knowledge to the Xen security pre-disclosure list. An updated advisory will be published as soon as available.
>
> For more information about this list, see below. At this stage the advisory will be clearly marked with the embargo date.
> ---