[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v1 1/1] security-process: update process information

From: P J P
Subject: Re: [PATCH v1 1/1] security-process: update process information
Date: Thu, 3 Dec 2020 11:06:59 +0530 (IST)

  Hello Dan, Stefano,

+-- On Wed, 2 Dec 2020, Stefano Stabellini wrote --+
| On Wed, 2 Dec 2020, Daniel P. Berrangé wrote:
| > > +  any third parties, including Xen Security Project, without your prior
| > > +  permission.
| > 
| > Why this explicit note about the Xen project ?  What if we decide to want
| > a member of the Xen security team on the QEMU security mailing list so that
| > we can collaborate on triage ?

* While that's fair point, what I think it means is, even if members from 
  other communities are present on the qemu-security list, any explicit 
  communication and/or sharing of issue details/information/reproducers etc.  
  across communities, with non-members will not happen without prior 
  permission from the reporter(s).

* Besides, that is not new text, it is from the current process page

  -> https://www.qemu.org/contribute/security-process/

| this is not an issue because the individual (probably me) of course
| would not report anything to the Xen security team without prior
| permission.

 +1000..., appreciate it.:)

| >      Any non-public information you share about security issues, is kept
| >      confidential between members of the QEMU security team, and a minimal
| >      number of supporting staff in their affliated companies.  Information
| >      will not be disclosed to other third party organizations/individuals
| >      without prior permission from the reporter
| Sounds good to me

Same here, will fix it.

Thank you.
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D

reply via email to

[Prev in Thread] Current Thread [Next in Thread]