From mboxrd@z Thu Jan 1 00:00:00 1970
From: Konrad Rzeszutek Wilk
Subject: Re: Coverity + XenProject + Process?
Date: Mon, 9 Sep 2013 15:08:55 -0400
Message-ID: <20130909190855.GC4142@phenom.dumpdata.com>
References: <20130830150053.GP21239@phenom.dumpdata.com>
 <1378373198.14745.9.camel@kazak.uk.xensource.com>
 <20130908221339.GA4618@u109add4315675089e695.ant.amazon.com>
 <20130909133023.GG21435@phenom.dumpdata.com>
 <1378736425.19967.161.camel@kazak.uk.xensource.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path:
Content-Disposition: inline
In-Reply-To: <1378736425.19967.161.camel@kazak.uk.xensource.com>
List-Unsubscribe: ,
List-Post:
List-Help:
List-Subscribe: ,
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Ian Campbell
Cc: Matt Wilson , xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

On Mon, Sep 09, 2013 at 03:20:25PM +0100, Ian Campbell wrote:
> On Mon, 2013-09-09 at 09:30 -0400, Konrad Rzeszutek Wilk wrote:
> > On Sun, Sep 08, 2013 at 03:13:41PM -0700, Matt Wilson wrote:
> > > On Thu, Sep 05, 2013 at 10:26:38AM +0100, Ian Campbell wrote:
> > > > On Fri, 2013-08-30 at 11:00 -0400, Konrad Rzeszutek Wilk wrote:
> > > > > Hey
> > > > >
> > > > > We have a static analyzer setup for Xen called Coverity. It allows
> > > > > the code to be inspected for bugs and such.
> > > > >
> > > > > Originally I setup this so that we could make sure that there are no
> > > > > bugs that cause security issues - and as such invited only folks
> > > > > on the security Xen mailing list.
> > > > >
> > > > > But there are other folks who I am sure would like to contribute
> > > > > and as Coverity is pretty amazing at analyzing issues and providing
> > > > > a good idea of how to fix it - was wondering what should be the
> > > > > procedure for involving volunteers for that?
> > > >
> > > > This conversation and the decision is on going to take a while.
> > > >
> > > > In the meantime we (security@ or xen-devel@) have received offers of
> > > > help from Matthew Daley, Andrew Cooper and Steven Maresca. All three are
> > > > well known to us and IMHO trustworthy. Matthew and Andrew have been
> > > > involved in both disclosing and helping to resolve multiple security
> > > > issues in the past. I don't think Steven has been involved in security
> > > > disclosure stuff (apologies Steven if I've forgotten) but has none the
> > > > less been active in Xen and with various security related aspects of the
> > > > project.
> > > >
> > > > Given that I would like to propose that we give all three of them access
> > > > while the policy conversation is on going.
> > > >
> > > > Any objections? If so then please raise them by the end of business this
> > > > Sunday (8 September).
> > >
> > > +1
> >
> > No objections either. +1 for all three!
>
> You said this on Friday too, get some sleep dude ;-)
>
> Anyway, no objections and the deadline has passed. So I think you can
> give the three of them access. (I haven't looked but I don't think I'm
> capable?)

Just did it. All three should have gotten an invite. Pls email if you haven't.

>
> Ian.
>