From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ian Campbell Subject: [PATCH 5/6] Patch review, expert advice and targetted fixes Date: Thu, 23 Aug 2012 11:37:53 +0100 Message-ID: <1345718274-7900-5-git-send-email-ian.campbell@citrix.com> References: <1345718230.12501.79.camel@zakaz.uk.xensource.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <1345718230.12501.79.camel@zakaz.uk.xensource.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: xen-devel@lists.xen.org Cc: Ian Jackson , Ian Campbell List-Id: xen-devel@lists.xenproject.org See <20448.49637.38489.246434@mariner.uk.xensource.com>, section "Patch development and review" --- security_vulnerability_process.html | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/security_vulnerability_process.html b/security_vulnerability_process.html index 687e452..c830a04 100644 --- a/security_vulnerability_process.html +++ b/security_vulnerability_process.html @@ -109,8 +109,13 @@ if(ns4)_d.write("<\/scr process.

(This may rely on the other project(s) having documented and responsive security contact points)

-

  • We will prepare or check patch(es) which fix the vulnerability. - This would ideally include all relevant backports.

    • +

  • We will prepare or check patch(es) which fix the + vulnerability. This would ideally include all relevant + backports. Patches will be tightly targeted on fixing the + specific security vulnerability in the smallest, simplest and + most reliable way. Where necessary domain specific experts + within the community will be brought in to help with patch + preparation.

  • We will determine which systems/configurations/versions are vulnerable, and what the impact of the vulnerability is. Depending on the nature of the vulnerability this may involve -- 1.7.10.4