[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: About 'qemu-security' mailing list
From: |
Daniel P . Berrangé |
Subject: |
Re: About 'qemu-security' mailing list |
Date: |
Mon, 14 Sep 2020 09:54:58 +0100 |
User-agent: |
Mutt/1.14.6 (2020-07-11) |
On Fri, Sep 11, 2020 at 04:51:49PM +0100, Peter Maydell wrote:
> On Fri, 11 Sep 2020 at 15:22, P J P <ppandit@redhat.com> wrote:
> > Proposal: (to address above limitations)
> > =========
> >
> > * We set up a new 'qemu-security' mailing list.
> >
> > * QEMU security issues are reported to this new list only.
> >
> > * Representatives from various communities subscribe to this list. (List
> > maybe
> > moderated in the beginning.)
> >
> > * As QEMU issues come in, participants on the 'qemu-security' list shall
> > discuss and decide about how to triage them further.
>
> Way way back, the idea of a qemu-security list was proposed, and
> it was decided against because there wasn't a clear way that
> people could send encrypted mail to the security team if it
> was just a mailing list. So that's why we have the "handful
> of individual contacts" approach. Is that still something people
> care about ?
>
> My question is, who decides who's on the qemu-security list?
> Is this just "it's the same handful of contacts, but they
> have a mailing list for convenience" ? It sounds like you
> want it to be a larger grouping than that and maybe also
> want to use it as a mechanism for informing downstream distros
> etc about QEMU security issues, which is to say you're
> proposing an overhaul and change to our security process,
> not merely "we'd like to create a mailing list" ?
Yes, that is a reasonable description.
Do we think the current QEMU security process is working well for the
community as a whole in terms of our downstream consumers learning about
security flaws in an appropriate timeframe and manner ?
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
- About 'qemu-security' mailing list, P J P, 2020/09/11
- Re: About 'qemu-security' mailing list, Li Qiang, 2020/09/11
- Re: About 'qemu-security' mailing list, Alexander Bulekov, 2020/09/11
- Re: About 'qemu-security' mailing list, Daniel P . Berrangé, 2020/09/11
- Re: About 'qemu-security' mailing list, Peter Maydell, 2020/09/11
- Re: About 'qemu-security' mailing list, Philippe Mathieu-Daudé, 2020/09/14
- Re: About 'qemu-security' mailing list,
Daniel P . Berrangé <=
- Re: About 'qemu-security' mailing list, Stefan Hajnoczi, 2020/09/14
- Re: About 'qemu-security' mailing list, P J P, 2020/09/15
- Re: About 'qemu-security' mailing list, Stefan Hajnoczi, 2020/09/16
- Re: About 'qemu-security' mailing list, Peter Maydell, 2020/09/16
- Re: About 'qemu-security' mailing list, Daniel P . Berrangé, 2020/09/16
- Re: About 'qemu-security' mailing list, Thomas Huth, 2020/09/16
- Re: About 'qemu-security' mailing list, Daniel P . Berrangé, 2020/09/16
- Re: About 'qemu-security' mailing list, P J P, 2020/09/18
- Re: About 'qemu-security' mailing list, P J P, 2020/09/30