[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: About 'qemu-security' mailing list
|
From: |
Li Qiang |
|
Subject: |
Re: About 'qemu-security' mailing list |
|
Date: |
Fri, 11 Sep 2020 23:27:10 +0800 |
P J P <ppandit@redhat.com> 于2020年9月11日周五 下午10:21写道:
>
> Hello all,
>
> Recently while conversing with DanPB this point came up
>
> -> https://www.qemu.org/contribute/security-process/
>
> * Currently QEMU security team is a handful of individual contacts which
> restricts community participation in dealing with these issues.
>
> * The Onus also lies with the individuals to inform the community about QEMU
> security issues, as they come in.
>
>
> Proposal: (to address above limitations)
> =========
>
> * We set up a new 'qemu-security' mailing list.
>
> * QEMU security issues are reported to this new list only.
>
> * Representatives from various communities subscribe to this list. (List maybe
> moderated in the beginning.)
>
> * As QEMU issues come in, participants on the 'qemu-security' list shall
> discuss and decide about how to triage them further.
>
> Please kindly let us know your views about it. I'd appreciate if you have any
> suggestions/inputs/comments about the same.
Hi Prasad,
Great idea.
Like other project, sometimes they have two mailing lists.
The first is 'security', this list should contains the core developers.
The second is 'predisclosure', the organization can participate this
lists and discuss the disclosure process.
But as for qemu, most of the security issues doesn't need an embargo date.
I think one 'qemu-security' is ok. I think this mailing lists can
contain the currently individuals and the some qemu developer
and also some organizations who uses qemu.
Thanks,
Li Qiang
>
>
> Thank you.
> --
> Prasad J Pandit / Red Hat Product Security Team
> 8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
>
>