[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] MAINTAINERS: addresses for responsible disclosu
From: |
Michael S. Tsirkin |
Subject: |
Re: [Qemu-devel] [PATCH] MAINTAINERS: addresses for responsible disclosure |
Date: |
Thu, 17 Apr 2014 21:54:33 +0300 |
On Thu, Apr 17, 2014 at 09:10:12AM -0700, Anthony Liguori wrote:
> On Thu, Apr 17, 2014 at 6:54 AM, Michael S. Tsirkin <address@hidden> wrote:
> > People sometimes detect security issues in upstream
> > QEMU and don't know where to report them in a non-public way.
> > Of course whoever just wants full disclosure can just go public,
> > but there's nothing specified for non-public - until recently Anthony
> > was doing this informally.
> >
> > As I started doing this recently anyway, I can handle this on the QEMU side
> > in a more formal way.
> >
> > Adding a secalert mailing list as well - they are the ones who is actually
> > opening CVEs, communicating issues to all downstreams etc,
> > and they are already handling this for upstream, not just Red Hat.
> >
> > Keeping Anthony's address around in case he wants to be informed.
> >
> > Signed-off-by: Michael S. Tsirkin <address@hidden>
>
> What about using address@hidden and creating that as a
> moderated mailing list with no public archive?
>
> That way there's a single contact point and there can be many people
> backing it up to make sure that disclosures are handled very quickly.
>
> Regards,
>
> Anthony Liguori
Also I'd like a more explicit name, we don't want general
security related discussions on that list.
address@hidden
?
> > ---
> > MAINTAINERS | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >
> > diff --git a/MAINTAINERS b/MAINTAINERS
> > index 34b8c3f..713546f 100644
> > --- a/MAINTAINERS
> > +++ b/MAINTAINERS
> > @@ -52,6 +52,12 @@ General Project Administration
> > ------------------------------
> > M: Anthony Liguori <address@hidden>
> >
> > +Responsible Disclosure, Reporting Security Issues
> > +------------------------------
> > +M: Michael S. Tsirkin <address@hidden>
> > +M: Anthony Liguori <address@hidden>
> > +L: address@hidden
> > +
> > Guest CPU cores (TCG):
> > ----------------------
> > Alpha
> > --
> > MST
> >
- [Qemu-devel] [PATCH] MAINTAINERS: addresses for responsible disclosure, Michael S. Tsirkin, 2014/04/17
- Re: [Qemu-devel] [PATCH] MAINTAINERS: addresses for responsible disclosure, Andreas Färber, 2014/04/17
- Re: [Qemu-devel] [PATCH] MAINTAINERS: addresses for responsible disclosure, Peter Maydell, 2014/04/17
- Re: [Qemu-devel] [PATCH] MAINTAINERS: addresses for responsible disclosure, Anthony Liguori, 2014/04/17
- Re: [Qemu-devel] [PATCH] MAINTAINERS: addresses for responsible disclosure, Michael S. Tsirkin, 2014/04/17
- Re: [Qemu-devel] [PATCH] MAINTAINERS: addresses for responsible disclosure,
Michael S. Tsirkin <=
- Re: [Qemu-devel] [PATCH] MAINTAINERS: addresses for responsible disclosure, Peter Maydell, 2014/04/28
- Re: [Qemu-devel] [PATCH] MAINTAINERS: addresses for responsible disclosure, Michael S. Tsirkin, 2014/04/28
- Re: [Qemu-devel] [PATCH] MAINTAINERS: addresses for responsible disclosure, Liguori, Anthony, 2014/04/28
- Re: [Qemu-devel] [PATCH] MAINTAINERS: addresses for responsible disclosure, Michael S. Tsirkin, 2014/04/28
- Re: [Qemu-devel] [PATCH] MAINTAINERS: addresses for responsible disclosure, Michael S. Tsirkin, 2014/04/28
- Re: [Qemu-devel] [PATCH] MAINTAINERS: addresses for responsible disclosure, Liguori, Anthony, 2014/04/28
- Re: [Qemu-devel] [PATCH] MAINTAINERS: addresses for responsible disclosure, Markus Armbruster, 2014/04/29
- Re: [Qemu-devel] [PATCH] MAINTAINERS: addresses for responsible disclosure, Michael S. Tsirkin, 2014/04/29
- Re: [Qemu-devel] [PATCH] MAINTAINERS: addresses for responsible disclosure, Daniel P. Berrange, 2014/04/28