From: Ian Campbell <ian.campbell@citrix.com>
To: xen-devel@lists.xen.org
Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>,
Ian Campbell <ian.campbell@citrix.com>
Subject: [PATCH 5/6] Patch review, expert advice and targetted fixes
Date: Thu, 23 Aug 2012 11:37:53 +0100 [thread overview]
Message-ID: <1345718274-7900-5-git-send-email-ian.campbell@citrix.com> (raw)
In-Reply-To: <1345718230.12501.79.camel@zakaz.uk.xensource.com>
See <20448.49637.38489.246434@mariner.uk.xensource.com>, section
"Patch development and review"
---
security_vulnerability_process.html | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/security_vulnerability_process.html b/security_vulnerability_process.html
index 687e452..c830a04 100644
--- a/security_vulnerability_process.html
+++ b/security_vulnerability_process.html
@@ -109,8 +109,13 @@ if(ns4)_d.write("<scr"+"ipt type=text/javascript src=/globals/mmenuns4.js><\/scr
process.</p></li>
<p>(This may rely on the other project(s) having
documented and responsive security contact points)</p>
- <li><p>We will prepare or check patch(es) which fix the vulnerability.
- This would ideally include all relevant backports.</p></li>
+ <li><p>We will prepare or check patch(es) which fix the
+ vulnerability. This would ideally include all relevant
+ backports. Patches will be tightly targeted on fixing the
+ specific security vulnerability in the smallest, simplest and
+ most reliable way. Where necessary domain specific experts
+ within the community will be brought in to help with patch
+ preparation.</p></li>
<li><p>We will determine which systems/configurations/versions are
vulnerable, and what the impact of the vulnerability is.
Depending on the nature of the vulnerability this may involve
--
1.7.10.4
next prev parent reply other threads:[~2012-08-23 10:37 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-06-19 18:16 Security vulnerability process, and CVE-2012-0217 Ian Jackson
2012-06-20 8:49 ` Jan Beulich
2012-06-20 9:45 ` George Dunlap
2012-06-20 10:32 ` Jan Beulich
2012-07-02 13:59 ` Ian Campbell
2012-07-02 14:58 ` Jan Beulich
2012-07-02 15:04 ` Ian Campbell
2012-07-02 15:17 ` Alan Cox
2012-07-02 15:20 ` Ian Campbell
2012-06-28 18:30 ` Alan Cox
2012-07-04 9:27 ` Ian Campbell
2012-07-04 10:04 ` John Haxby
2012-06-29 10:26 ` George Dunlap
2012-06-29 10:41 ` Jan Beulich
2012-07-02 14:00 ` Ian Campbell
2012-06-23 19:42 ` Matt Wilson
2012-06-28 17:45 ` George Dunlap
2012-07-02 13:59 ` Ian Campbell
2012-06-27 18:07 ` Thomas Goirand
2012-06-27 19:14 ` Alan Cox
2012-06-27 19:30 ` Sander Eikelenboom
2012-06-28 9:28 ` Lars Kurth
2012-07-02 13:58 ` Ian Campbell
2012-07-02 14:51 ` Jan Beulich
2012-07-02 14:57 ` Ian Campbell
2012-07-03 22:03 ` Matt Wilson
2012-07-04 10:33 ` Ian Campbell
2012-07-04 11:24 ` Stefano Stabellini
2012-07-04 12:36 ` George Dunlap
2012-07-04 12:52 ` Jan Beulich
2012-07-04 12:56 ` George Dunlap
2012-07-04 13:01 ` Jan Beulich
2012-07-04 13:30 ` Stefano Stabellini
2012-07-04 14:09 ` Jan Beulich
2012-07-04 15:09 ` Stefano Stabellini
2012-07-06 14:36 ` John Haxby
2012-07-06 16:39 ` Matthew Allen
2012-07-06 17:24 ` George Dunlap
2012-06-29 10:01 ` George Dunlap
2012-06-29 15:48 ` Thomas Goirand
2012-07-02 13:59 ` Ian Campbell
2012-07-02 15:13 ` Alan Cox
2012-07-03 11:12 ` George Dunlap
2012-07-03 14:18 ` Stefano Stabellini
2012-08-23 10:37 ` Ian Campbell
2012-08-23 10:37 ` [PATCH 1/6] Clarify what info predisclosure list members may share during an embargo Ian Campbell
2012-08-23 10:37 ` [PATCH 2/6] Clarifications to predisclosure list subscription instructions Ian Campbell
2012-08-23 10:37 ` [PATCH 3/6] Clarify the scope of the process to just the hypervisor project Ian Campbell
2012-08-23 10:37 ` [PATCH 4/6] Discuss post-embargo disclosure of potentially controversial private decisions Ian Campbell
2012-08-23 10:37 ` Ian Campbell [this message]
2012-08-23 10:37 ` [PATCH 6/6] Declare version 1.3 Ian Campbell
2012-09-24 11:25 ` Security vulnerability process, and CVE-2012-0217 [vote?] Lars Kurth
2012-10-01 16:38 ` Ian Jackson
2012-10-03 17:03 ` Lars Kurth
2012-10-04 8:39 ` Lars Kurth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1345718274-7900-5-git-send-email-ian.campbell@citrix.com \
--to=ian.campbell@citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).