From: George Dunlap <george.dunlap@eu.citrix.com>
To: Ian Campbell <Ian.Campbell@citrix.com>
Cc: "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: [Xen-users] Security disclosure process discussion update
Date: Wed, 1 May 2013 16:38:53 +0100
Message-ID: <5181370D.90809@eu.citrix.com>
In-Reply-To: <1367422674.3142.747.camel@zakaz.uk.xensource.com>

On 01/05/13 16:37, Ian Campbell wrote:
> On Wed, 2013-05-01 at 16:31 +0100, George Dunlap wrote:
>> On 24/04/13 12:02, George Dunlap wrote:
>>> On 19/04/13 20:41, Ian Campbell wrote:
>>>> On Tue, 2013-04-16 at 15:13 +0100, Ian Campbell wrote:
>>>>> On Tue, 2013-04-16 at 14:05 +0100, George Dunlap wrote:
>>>>>> On 15/04/13 15:55, Ian Campbell wrote:
>>>>>>> Asking them to set up xen-security-team@distro.org seems a bit of a
>>>>>>> burden
>>>>>> I'm just curious, is it really that much of a burden? If Debian, for
>>>>>> example, already has infrastructure to accept
>>>>>> "<package>@packages.debian.org", how much extra work is it to add
>>>>>> "<package>-security@debian.org"?
>>>>> For just one $package it's probably still a moderate amount of work. I
>>>> Ian J pointed out to me IRL that this is the sort of thing alioth (the
>>>> Debian Source/FusionForge instance) ought to be able to provide and I
>>>> can see an interface which purports to allow me to create a private list
>>>> on there (but I've not tried it).
>>>>
>>>> Not sure about other distros but this seems to solve it for Debian at
>>>> least.
>>> How about the following:
>>>
>>> The addition of individual e-mail addresses for
>>> an organization in addition to the organizational e-mail address
>>> will be considered in exceptional circumstances; for example, if
>>> the maintainer for the xen package is not on the organization's
>>> security e-mail list, and either maintaining a separate list or
>>> having those on the list act as an intermediary would be too
>>> onerous.
>> Ping?
> Sorry, thought I'd replied.
>
> Given that Ian J has pointed me to Alioth private lists I'm no longer
> concerned about this from Debian's PoV. I don't really know if this is
> going to be an issue for other distros or not -- I suppose I'm inclined
> to feel that if Debian can manage it so can they.

OK -- and in any case that's kind of a separate issue from the big one,
which is allowing more people to be on the list.

Thanks,
-George