From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andrew Cooper <andrew.cooper3@citrix.com>
Subject: Re: [COVERITY ACCESS] for Doug Goldstein
Date: Fri, 29 Jan 2016 17:14:04 +0000
Message-ID: <56AB9DDC.1000806@citrix.com>
References: <56AB9044.305@cardoe.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <prvs=8298df8fa=Andrew.Cooper3@citrix.com>)
	id 1aPCca-0006Mi-Tb
	for xen-devel@lists.xenproject.org; Fri, 29 Jan 2016 17:14:09 +0000
In-Reply-To: <56AB9044.305@cardoe.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Doug Goldstein <cardoe@cardoe.com>, xen-devel <xen-devel@lists.xenproject.org>
List-Id: xen-devel@lists.xenproject.org

On 29/01/16 16:16, Doug Goldstein wrote:
> Hi all,
>
> I agree to the conditions in the Xen Project Security [1] and Coverity
> [2] Contribution guidelines.
>
> I have been a Gentoo Linux developer since 2001 and involved with
> downstream packaging of virtualization products in Gentoo for at least 8
> years with a specific focus on QEMU, libvirt, KVM and now days Xen. I've
> been a libvirt contributor in the past (with commit access) but for the
> last year and half I've found my time consumed in other parts of the
> stack. Most recently I've been contributing to Xen. My day job for the
> last 8 years has been focused on shipping Linux based devices into
> hostile environments and improving the security so that we have some
> confidence that they are secure and untampered with. So I have a
> personal vested interest in ensuring security holes are plugged and not
> left around or provided to organizations with an interest in exploiting
> them. Because of this I would like access to the Coverity results to
> help plug anything that comes up.
>
> My GPG key is not in the strong web of trust since I have very few
> signatures so I can understand if that's a hold up. I'll look forward to
> exchanging some signatures at the next Xen Developer Summit either way.
>
> [1] http://www.xenproject.org/security-policy.html
> [2] http://xenproject.org/help/contribution-guidelines.html

+1

~Andrew