From: George Dunlap <george.dunlap@eu.citrix.com>
To: Ian Campbell <Ian.Campbell@citrix.com>
Cc: "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: [Xen-users] Security disclosure process discussion update
Date: Wed, 24 Apr 2013 12:02:41 +0100
Message-ID: <5177BBD1.5070209@eu.citrix.com>
In-Reply-To: <1366400507.29403.5.camel@dagon.hellion.org.uk>

On 19/04/13 20:41, Ian Campbell wrote:
> On Tue, 2013-04-16 at 15:13 +0100, Ian Campbell wrote:
>> On Tue, 2013-04-16 at 14:05 +0100, George Dunlap wrote:
>>> On 15/04/13 15:55, Ian Campbell wrote:
>>>> Asking them to set up xen-security-team@distro.org seems a bit of a
>>>> burden
>>> I'm just curious, is it really that much of a burden?  If Debian, for
>>> example, already has infrastructure to accept
>>> "<package>@packages.debian.org", how much extra work is it to add
>>> "<package>-security@debian.org"?
>> For just one $package it's probably still a moderate amount of work. I
> Ian J pointed out to me IRL that this is the sort of thing alioth (the
> Debian Source/FusionForge instance) ought to be able to provide and I
> can see an interface which purports to allow me to create a private list
> on there (but I've not tried it).
>
> Not sure about other distros but this seems to solve it for Debian at
> least.

How about the following:

       The addition of individual e-mail addresses for
       an organization in addition to the organizational e-mail address
       will be considered in exceptional circumstances; for example, if
       the maintainer for the xen package is not on the organization's
       security e-mail list, and either maintaining a separate list or
       having those on the list act as an intermediary would be too
       onerous.

  -George
