qemu-devel.nongnu.org archive mirror
From: Gonglei <arei.gonglei@huawei.com>
To: Peter Maydell <peter.maydell@linaro.org>,
	QEMU Developers <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] Minutes of QEMU Summit 2015 (2015-08-18, Seattle)
Date: Sun, 6 Sep 2015 14:48:44 +0800
Message-ID: <55EBE1CC.6090104@huawei.com>
In-Reply-To: <CAFEAcA8QVa2dfwnyiNvOoFLtnXRr9uBaJ6a2yP+krb410js5+A@mail.gmail.com>

On 2015/9/4 20:24, Peter Maydell wrote:
> * Security process
>  * We've improved and documented our security process over the last
>    year or so, but it could still be improved.
>  * Big problem -- we fix CVEs on master, but we don't provide a stable
>    release with security fixes until the next time we would have
>    done a release anyway; this can mean we go for months without
>    any available stable release without known security issues.
>  * We could do a stable release immediately we have a CVE, but this
>    is obviously more work for our stable maintainer (Michael Roth).
>    We might get a few CVEs a cycle, though obviously it varies.

I have another proposal:
If we fix CVEs on master, we'd better have a place (maybe www.qemu.org?)
to describe which stable releases are influenced. In this way, the user can
fix these CVEs more easily according to the QEMU versions which they used.
Meanwhile, it doesn't strongly require releasing another stable version.

Regards,
-Gonglei
