Formal Vote for changes to Xen Project Security Policy encoded in [PATCH v2 SECURITY-POLICY */9] (vote ends next Wed, Feb 11th)

Formal Vote for changes to Xen Project Security Policy encoded in [PATCH v2 SECURITY-POLICY */9] (vote ends next Wed, Feb 11th)

[Lars Kurth]

Hi all,

the patch series for modifications to http://www.xenproject.org/security-policy.html has gone it's second revision and is ready for voting. In accordance with our governance, committers are eligible to vote. Others can of course voice their opinion.

The complete series can be found in the following mails
* http://lists.xen.org/archives/html/xen-devel/2015-01/msg03021.html - [PATCH v2 SECURITY-POLICY 0/9] Security policy ambiguities - XSA-108 process post-mortem
* http://lists.xen.org/archives/html/xen-devel/2015-01/msg03020.html - [PATCH v2 SECURITY-POLICY 1/9] Grammar fix: Remove a comma splice
* http://lists.xen.org/archives/html/xen-devel/2015-01/msg03018.html - [PATCH v2 SECURITY-POLICY 2/9] Add headings
* http://lists.xen.org/archives/html/xen-devel/2015-01/msg03016.html - [PATCH v2 SECURITY-POLICY 3/9] Deployment with Security Team Permission
* http://lists.xen.org/archives/html/xen-devel/2015-01/msg03022.html - [PATCH v2 SECURITY-POLICY 4/9] Use a public mailing list for predisclosure membership applications.
* http://lists.xen.org/archives/html/xen-devel/2015-01/msg03019.html - [PATCH v2 SECURITY-POLICY 5/9] Tighten, and make more objective, predisclosure list application
* http://lists.xen.org/archives/html/xen-devel/2015-01/msg03015.html - [PATCH v2 SECURITY-POLICY 6/9] Explicitly permit within-list information sharing during embargo
* http://lists.xen.org/archives/html/xen-devel/2015-01/msg03014.html - [PATCH v2 SECURITY-POLICY 7/9] Clarify and fix prior consultation text
* http://lists.xen.org/archives/html/xen-devel/2015-01/msg03017.html - [PATCH v2 SECURITY-POLICY 8/9] Clarify what announcements may be made by to service users
* http://lists.xen.org/archives/html/xen-devel/2015-01/msg03023.html - [PATCH v2 SECURITY-POLICY 9/9] Document changes in changelog and heading

As there seems to be no objections, in the discussion leading to this patch series, I think we don't need to have a voting form. Replying to this mail with +1, 0 -1 "comment" should suffice. Should there be objections and they are specific to a specific change above, please refer to the specific change.

I will collate the results on Thursday and make an announcement

All committers are CC'ed

Regards
Lars

Re: Formal Vote for changes to Xen Project Security Policy encoded in [PATCH v2 SECURITY-POLICY */9] (vote ends next Wed, Feb 11th)

[Ian Campbell]

graft 44 <29EFAD61-815C-4F11-B17D-2C0DB93C1C94@gmail.com>
thanks

Just grafting CFV onto the bug.

Ian.

Re: Formal Vote for changes to Xen Project Security Policy encoded in [PATCH v2 SECURITY-POLICY */9] (vote ends next Wed, Feb 11th)

[Jan Beulich]

>>> On 03.02.15 at 13:09, <lars.kurth.xen@gmail.com> wrote:
> the patch series for modifications to 
> http://www.xenproject.org/security-policy.html has gone it's second revision 
> and is ready for voting. In accordance with our governance, committers are 
> eligible to vote. Others can of course voice their opinion.
> 
> The complete series can be found in the following mails
> [...]
> As there seems to be no objections, in the discussion leading to this patch 
> series, I think we don't need to have a voting form. Replying to this mail 
> with +1, 0 -1 "comment" should suffice. Should there be objections and they 
> are specific to a specific change above, please refer to the specific change.

+1

Jan

Re: Formal Vote for changes to Xen Project Security Policy encoded in [PATCH v2 SECURITY-POLICY */9] (vote ends next Wed, Feb 11th)

[Ian Jackson]

Lars Kurth writes ("Formal Vote for changes to Xen Project Security Policy encoded in [PATCH v2 SECURITY-POLICY */9] (vote ends next Wed, Feb 11th)"):
> Hi all,
> 
> the patch series for modifications to http://www.xenproject.org/security-policy.html has gone it's second revision and is ready for voting. In accordance with our governance, committers are eligible to vote. Others can of course voice their opinion.
> 
> The complete series can be found in the following mails
...
> As there seems to be no objections, in the discussion leading to this patch series, I think we don't need to have a voting form. Replying to this mail with +1, 0 -1 "comment" should suffice. Should there be objections and they are specific to a specific change above, please refer to the specific change.
> 
> I will collate the results on Thursday and make an announcement

Thanks, Lars.

+1.

Ian.

Re: Formal Vote for changes to Xen Project Security Policy encoded in [PATCH v2 SECURITY-POLICY */9] (vote ends next Wed, Feb 11th)

[Tim Deegan]

At 12:09 +0000 on 03 Feb (1422961751), Lars Kurth wrote:
> the patch series for modifications to
> http://www.xenproject.org/security-policy.html has gone it's second
> revision and is ready for voting. In accordance with our governance,
> committers are eligible to vote. Others can of course voice their
> opinion.
[...]
> As there seems to be no objections, in the discussion leading to
> this patch series, I think we don't need to have a voting
> form. Replying to this mail with +1, 0 -1 "comment" should
> suffice. Should there be objections and they are specific to a
> specific change above, please refer to the specific change.

+1.

Tim.

Re: Formal Vote for changes to Xen Project Security Policy encoded in [PATCH v2 SECURITY-POLICY */9] (vote ends next Wed, Feb 11th)

[Ian Campbell]

On Tue, 2015-02-03 at 12:09 +0000, Lars Kurth wrote:
> the patch series for modifications to
> http://www.xenproject.org/security-policy.html has gone it's second
> revision and is ready for voting. In accordance with our governance,
> committers are eligible to vote. Others can of course voice their
> opinion.
[...]
> As there seems to be no objections, in the discussion leading to this
> patch series, I think we don't need to have a voting form. Replying to
> this mail with +1, 0 -1 "comment" should suffice. Should there be
> objections and they are specific to a specific change above, please
> refer to the specific change.

+1.

Re: Formal Vote for changes to Xen Project Security Policy encoded in [PATCH v2 SECURITY-POLICY */9] (vote ends next Wed, Feb 11th)

[Lars Kurth]

Hi all,

seems we have for in favour and no objections. So the change carries.

@Ian Jackson: 
I suppose we need to get the list(s) created that were referenced, sign up core members, before we can go fully life with this change. Also, please send me the complete text such that I can upload it. I have not added any new vendors, such that there are no merge conflicts. I think there may have been one or two that need to be added as part of the old policy.

Regards
Lars

> On 3 Feb 2015, at 12:09, Lars Kurth <lars.kurth.xen@gmail.com> wrote:
> 
> Hi all,
> 
> the patch series for modifications to http://www.xenproject.org/security-policy.html has gone it's second revision and is ready for voting. In accordance with our governance, committers are eligible to vote. Others can of course voice their opinion.
> 
> The complete series can be found in the following mails
> * http://lists.xen.org/archives/html/xen-devel/2015-01/msg03021.html - [PATCH v2 SECURITY-POLICY 0/9] Security policy ambiguities - XSA-108 process post-mortem
> * http://lists.xen.org/archives/html/xen-devel/2015-01/msg03020.html - [PATCH v2 SECURITY-POLICY 1/9] Grammar fix: Remove a comma splice
> * http://lists.xen.org/archives/html/xen-devel/2015-01/msg03018.html - [PATCH v2 SECURITY-POLICY 2/9] Add headings
> * http://lists.xen.org/archives/html/xen-devel/2015-01/msg03016.html - [PATCH v2 SECURITY-POLICY 3/9] Deployment with Security Team Permission
> * http://lists.xen.org/archives/html/xen-devel/2015-01/msg03022.html - [PATCH v2 SECURITY-POLICY 4/9] Use a public mailing list for predisclosure membership applications.
> * http://lists.xen.org/archives/html/xen-devel/2015-01/msg03019.html - [PATCH v2 SECURITY-POLICY 5/9] Tighten, and make more objective, predisclosure list application
> * http://lists.xen.org/archives/html/xen-devel/2015-01/msg03015.html - [PATCH v2 SECURITY-POLICY 6/9] Explicitly permit within-list information sharing during embargo
> * http://lists.xen.org/archives/html/xen-devel/2015-01/msg03014.html - [PATCH v2 SECURITY-POLICY 7/9] Clarify and fix prior consultation text
> * http://lists.xen.org/archives/html/xen-devel/2015-01/msg03017.html - [PATCH v2 SECURITY-POLICY 8/9] Clarify what announcements may be made by to service users
> * http://lists.xen.org/archives/html/xen-devel/2015-01/msg03023.html - [PATCH v2 SECURITY-POLICY 9/9] Document changes in changelog and heading
> 
> As there seems to be no objections, in the discussion leading to this patch series, I think we don't need to have a voting form. Replying to this mail with +1, 0 -1 "comment" should suffice. Should there be objections and they are specific to a specific change above, please refer to the specific change.
> 
> I will collate the results on Thursday and make an announcement
> 
> All committers are CC'ed
> 
> Regards
> Lars
> 
> 

Re: Formal Vote for changes to Xen Project Security Policy encoded in [PATCH v2 SECURITY-POLICY */9] (vote ends next Wed, Feb 11th)

[Lars Kurth]

Hi all,

I just wanted to explain why we have not modified the security process on the website yet. I am waiting for two mailing lists to be created 
a) one is fairly trivial, as it is a public list 
b) the other one requires more careful design - it should be archived, but archives should not be publicly accessible, but only to list members. Something we can't easily do with MailMan and MHonArc.

I will prepare a blog post though by Monday, which we can schedule at a convenient point, for publication.

Regards
Lars 

> On 11 Feb 2015, at 12:25, Lars Kurth <lars.kurth.xen@gmail.com> wrote:
> 
> Hi all,
> 
> seems we have for in favour and no objections. So the change carries.
> 
> @Ian Jackson: 
> I suppose we need to get the list(s) created that were referenced, sign up core members, before we can go fully life with this change. Also, please send me the complete text such that I can upload it. I have not added any new vendors, such that there are no merge conflicts. I think there may have been one or two that need to be added as part of the old policy.
> 
> Regards
> Lars

Re: Formal Vote for changes to Xen Project Security Policy encoded in [PATCH v2 SECURITY-POLICY */9] (vote ends next Wed, Feb 11th)

[Lars Kurth]

Folks,
this bug should probably be closed.
Lars

Re: Formal Vote for changes to Xen Project Security Policy encoded in [PATCH v2 SECURITY-POLICY */9] (vote ends next Wed, Feb 11th)

[Ian Campbell]

close 44
thanks

On Tue, 2015-09-22 at 13:12 +0100, Lars Kurth wrote:
> Folks,
> this bug should probably be closed.

I think you meant #44. I've closed that here.

Anyone can close any bug, no special privilege is required

See http://wiki.xen.org/wiki/Xen_Bug_Management_Interface.

Ian.

Processed: Re: Formal Vote for changes to Xen Project Security Policy encoded in [PATCH v2 SECURITY-POLICY */9] (vote ends next Wed, Feb 11th)

[xen]

Processing commands for xen@bugs.xenproject.org:

> close 44
Closing bug #44
> thanks
Finished processing.

Modified/created Bugs:
 - 44: http://bugs.xenproject.org/xen/bug/44

---
Xen Hypervisor Bug Tracker
See http://wiki.xen.org/wiki/Reporting_Bugs_against_Xen for information on reporting bugs
Contact xen-bugs-owner@bugs.xenproject.org with any infrastructure issues