From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: xen-devel@lists.xensource.com
Subject: Coverity + XenProject + Process?
Date: Fri, 30 Aug 2013 11:00:53 -0400
Message-ID: <20130830150053.GP21239@phenom.dumpdata.com>

Hey

We have a static analyzer set up for Xen called Coverity. It allows
the code to be inspected for bugs and such.

Originally I set this up so that we could make sure that there are no
bugs that cause security issues - and as such invited only folks
on the security Xen mailing list.

But there are other folks who I am sure would like to contribute
and as Coverity is pretty amazing at analyzing issues and providing
a good idea of how to fix it - was wondering what should be the
procedure for involving volunteers for that?

Initially it was recommended that they agree to the security
disclosure (http://www.xenproject.org/security-policy.html) and
will agree to use by default the "Two working weeks between issue
of our advisory to our predisclosure list and publication."

But I am not sure who should have the power to veto/accept
volunteers? Should security@Xen.org do that? Or should folks
at Xen Devel mailing list be involved in it as well?

Should that security disclosure be used for that as well?

Ideas?

Thank you.