[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: About 'qemu-security' mailing list

From: Alexander Bulekov
Subject: Re: About 'qemu-security' mailing list
Date: Fri, 11 Sep 2020 11:40:55 -0400

Hi Prasad,
A couple questions:
 * I'm guessing this will be a closed list with some application/vetting
   procedure for the participants? (Maybe this is what you mean by
   "moderated" ?)
 * How will the communication be encrypted?
 * Will secalert still be subscribed (for managing CVE ID assignments)?
 * Assuming PGP will be gone, will it be possible to make the "This bug
   is a security vulnerability" button work on Launchpad?

On 200911 1950, P J P wrote:
>   Hello all,
> Recently while conversing with DanPB this point came up
>    -> https://www.qemu.org/contribute/security-process/
> * Currently QEMU security team is a handful of individual contacts which
>   restricts community participation in dealing with these issues.
> * The Onus also lies with the individuals to inform the community about QEMU
>   security issues, as they come in.
> Proposal: (to address above limitations)
> =========
> * We set up a new 'qemu-security' mailing list.
> * QEMU security issues are reported to this new list only.
> * Representatives from various communities subscribe to this list. (List maybe
>   moderated in the beginning.)
> * As QEMU issues come in, participants on the 'qemu-security' list shall
>   discuss and decide about how to triage them further.
> Please kindly let us know your views about it. I'd appreciate if you have
> any suggestions/inputs/comments about the same.
> Thank you.
> --
> Prasad J Pandit / Red Hat Product Security Team
> 8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D

reply via email to

[Prev in Thread] Current Thread [Next in Thread]