[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: About 'qemu-security' mailing list
From: |
Alexander Bulekov |
Subject: |
Re: About 'qemu-security' mailing list |
Date: |
Fri, 11 Sep 2020 11:40:55 -0400 |
Hi Prasad,
A couple questions:
* I'm guessing this will be a closed list with some application/vetting
procedure for the participants? (Maybe this is what you mean by
"moderated" ?)
* How will the communication be encrypted?
* Will secalert still be subscribed (for managing CVE ID assignments)?
* Assuming PGP will be gone, will it be possible to make the "This bug
is a security vulnerability" button work on Launchpad?
Thanks!
-Alex
On 200911 1950, P J P wrote:
> Hello all,
>
> Recently while conversing with DanPB this point came up
>
> -> https://www.qemu.org/contribute/security-process/
>
> * Currently QEMU security team is a handful of individual contacts which
> restricts community participation in dealing with these issues.
>
> * The Onus also lies with the individuals to inform the community about QEMU
> security issues, as they come in.
>
>
> Proposal: (to address above limitations)
> =========
>
> * We set up a new 'qemu-security' mailing list.
>
> * QEMU security issues are reported to this new list only.
>
> * Representatives from various communities subscribe to this list. (List maybe
> moderated in the beginning.)
>
> * As QEMU issues come in, participants on the 'qemu-security' list shall
> discuss and decide about how to triage them further.
>
> Please kindly let us know your views about it. I'd appreciate if you have
> any suggestions/inputs/comments about the same.
>
>
> Thank you.
> --
> Prasad J Pandit / Red Hat Product Security Team
> 8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
>
>