[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [qemu-web PATCH v2] Add "Security Process" information to the main w
|
From: |
Michael S. Tsirkin |
|
Subject: |
Re: [qemu-web PATCH v2] Add "Security Process" information to the main website |
|
Date: |
Mon, 27 Jan 2020 07:00:48 -0500 |
On Mon, Jan 27, 2020 at 11:00:29AM +0100, Thomas Huth wrote:
> On 23/01/2020 20.43, Eric Blake wrote:
> > On 1/23/20 11:11 AM, Thomas Huth wrote:
> >> One reporter of a security issue recently complained that it might not
> >> be the best idea to store our "Security Process" in the Wiki. Well, while
> >> the page in the Wiki is protected (so that only some few people can edit
> >> it), it is still possible that someone might find a bug in the Wiki
> >> software to alter the page contents...
> >> Anyway, it looks more trustworthy if we present the "Security Process"
> >> information in the static website instead. Thus this patch adds the
> >> information from the wiki to the Jekyll-based website now.
> >>
> >> Signed-off-by: Thomas Huth <address@hidden>
> >> ---
> >> v2: Improved some sentences as suggested by Paolo
> >>
> >
> >> +### Publication embargo
> >> +
> >> +As a security issue reported, that is not already publically disclosed
> >
> > publicly
> >
> >> +elsewhere, has an embargo date assigned and communicated to reporter.
> >> Embargo
> >
> > Reads awkwardly. I'd suggest:
> >
> > If a security issue is reported that is not already publicly disclosed,
> > an embargo date may be assigned and communicated to the reporter.
>
> Ok, thanks, I've added your suggestions and pushed the changes now to
> the website.
>
> To the people on CC: ... could someone please update the wiki page
> (https://wiki.qemu.org/SecurityProcess) to point to
> https://www.qemu.org/contribute/security-process/ instead? ... I don't
> have write access to that page, so I can not do that on my own.
>
> Thomas
Stefan I think you can do it right?
--
MST