Re: 回复: [PATCH 0/2] use unsigned type for MegasasState fields

[P J P]

+-- On Tue, 12 May 2020, Philippe Mathieu-Daudé wrote --+
| The cover describes the bug as OOB, so I suppose this is a security issue. 
| Now a 6 months embargo surprises me. I was expecting some period in a 
| 30-90days range to be the default. However reading the 'Publication embargo' 
| chapter on https://www.qemu.org/contribute/security-process/, it is only 
| stated "Embargo periods will be negotiated by mutual agreement between 
| members of the security team and other relevant parties to the problem." 
| Shouldn't be a maximum upper limit on the embargo period? Are there QEMU 
| security bugs embargoed for more than a year? That would be a shame.

Yes, some of these issue are old. We are working on the time-line details. We 
have quite regular influx of CVE issues, which leads to long triage times for 
some of them.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D