From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Michael S. Tsirkin"
Subject: Re: [Qemu-devel] KVM call agenda for 2014-04-28
Date: Tue, 29 Apr 2014 13:09:48 +0300
Message-ID: <20140429100948.GB15521@redhat.com>
References: <8738gxgary.fsf@elfo.mitica> <8761ltwjqt.fsf@blackfin.pond.sub.org> <20140429055124.GA12031@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Markus Armbruster , qemu list , KVM devel mailing list , Juan Quintela
To: Peter Maydell
Return-path:
Received: from mx1.redhat.com ([209.132.183.28]:33318 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S964813AbaD2LIu (ORCPT ); Tue, 29 Apr 2014 07:08:50 -0400
Content-Disposition: inline
In-Reply-To:
Sender: kvm-owner@vger.kernel.org
List-ID:

On Tue, Apr 29, 2014 at 09:56:19AM +0100, Peter Maydell wrote:
> On 29 April 2014 06:51, Michael S. Tsirkin wrote:
> > If not too late, I'd like to discuss our security process.
> > Do we as the project generally agree to use responsible disclosure policy
> > http://en.wikipedia.org/wiki/Responsible_disclosure ?
>
> I think something like that makes sense. I'm a bit wary that
> we write up some complicated policy that we're not then
> in practice capable of executing given our level of resources.
> We should certainly write out some documentation though...
>
> thanks
> -- PMM

I didn't have anything complex in mind.
Let's just make clear how to contact us securely,
when to contact that list, and what we'll do with the info.

I cobbled together the following:
http://wiki.qemu.org/SecurityProcess

--
MST