From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Ian Campbell <Ian.Campbell@citrix.com>
Cc: xen-devel@lists.xensource.com
Subject: Re: Coverity + XenProject + Process?
Date: Fri, 6 Sep 2013 09:33:45 -0400 [thread overview]
Message-ID: <20130906133345.GK2590@phenom.dumpdata.com> (raw)
In-Reply-To: <1378373198.14745.9.camel@kazak.uk.xensource.com>
On Thu, Sep 05, 2013 at 10:26:38AM +0100, Ian Campbell wrote:
> On Fri, 2013-08-30 at 11:00 -0400, Konrad Rzeszutek Wilk wrote:
> > Hey
> >
> > We have a static analyzer setup for Xen called Coverity. It allows
> > the code to be inspected for bugs and such.
> >
> > Originally I setup this so that we could make sure that there are no
> > bugs that cause security issues - and as such invited only folks
> > on the security Xen mailing list.
> >
> > But there are other folks who I am sure would like to contribute
> > and as Coverity is pretty amazing at analyzing issues and providing
> > a good idea of how to fix it - was wondering what should be the
> > procedure for involving volunteers for that?
>
> This conversation and the decision is on going to take a while.
>
> In the meantime we (security@ or xen-devel@) have received offers of
> help from Matthew Daley, Andrew Cooper and Steven Maresca. All three are
> well known to us and IMHO trustworthy. Matthew and Andrew have been
> involved in both disclosing and helping to resolve multiple security
> issues in the past. I don't think Steven has been involved in security
> disclosure stuff (apologies Steven if I've forgotten) but has none the
> less been active in Xen and with various security related aspects of the
> project.
>
> Given that I would like to propose that we give all three of them access
> while the policy conversation is on going.
+1
>
> Any objections? If so then please raise them by the end of business this
> Sunday (8 September).
>
> Ian.
>
>
next prev parent reply other threads:[~2013-09-06 13:33 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-30 15:00 Coverity + XenProject + Process? Konrad Rzeszutek Wilk
2013-08-30 15:34 ` David Vrabel
2013-08-30 16:08 ` Ian Campbell
2013-08-31 9:36 ` Ian Campbell
2013-08-31 21:50 ` Matt Wilson
2013-09-02 9:57 ` Lars Kurth
2013-09-04 17:14 ` Ian Campbell
2013-09-04 22:20 ` Steven Maresca
2013-09-04 22:25 ` Steven Maresca
2013-09-05 9:26 ` Ian Campbell
2013-09-06 13:33 ` Konrad Rzeszutek Wilk [this message]
2013-09-08 22:13 ` Matt Wilson
2013-09-09 13:30 ` Konrad Rzeszutek Wilk
2013-09-09 14:20 ` Ian Campbell
2013-09-09 19:08 ` Konrad Rzeszutek Wilk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130906133345.GK2590@phenom.dumpdata.com \
--to=konrad.wilk@oracle.com \
--cc=Ian.Campbell@citrix.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).