Re: [qemu-web PATCH] Add "Security Process" information to the main website

[Paolo Bonzini]

On 23/01/20 14:59, Thomas Huth wrote:
> Anyway, it looks more trustworthy if we present the "Security Process"
> information in the static website instead. Thus this patch adds the
> information from the wiki to the Jekyll-based website now.

Fair enough; here are some edits so that we can improve the text a bit
in the meanwhile.

> +We use a GNU Privacy Guard (GnuPG or GPG) keys to secure communications. Mail

Remove "a".

> +sent to members of the list can be encrypted with public keys of all members
> +of the list. We expect to change some of the keys we use from time to time.
> +Should we change the key, the previous keys will be revoked.

Should a key change, the previous one will be revoked.

> +* Is QEMU used in conjunction with a hypervisor (as opposed to TCG binary
> +  translation TCG)?

Two "TCG"s.

> +Whenever some or all of these questions have negative answers, what appears 
> to
> +be a genuine security flaw might be considered of low severity because it 
> could
> +only be exercised in use cases where QEMU and everything interacting with it 
> is
> +trusted.

s/genuine/major/

> +Prima facie, this bug appears to be a genuine security flaw, with potentially
> +severe implications. But digging further down, it shows that there are  only
> +two ways to use SD Host Controller emulation, one is via 'sdhci-pci' 
> interface
> +and the other is via 'generic-sdhci' interface.

I can understand some Latin, but perhaps s/Prima facie/On the surface/

Also, s/it shows that//

> +Of these two, the 'sdhci-pci' interface is relatively new and had actually 
> been

s/is relatively new and//

Thanks,

Paolo