From mboxrd@z Thu Jan  1 00:00:00 1970
From: Lars Kurth <lars.kurth.xen@gmail.com>
Subject: Re: Security policy ambiguities - XSA-108 process
	post-mortem
Date: Thu, 6 Nov 2014 16:01:04 +0000
Message-ID: <0E6C0A5F-0FE6-42A6-BD57-60ADB3D21B82@gmail.com>
References: <21557.24142.873029.148164@mariner.uk.xensource.com>
	<21557.50031.783473.873273@chiark.greenend.org.uk>
	<1413894766.23337.34.camel@citrix.com>
	<21586.10214.683512.296628@chiark.greenend.org.uk>
	<20141031224036.GA16669@u109add4315675089e695.ant.amazon.com>
	<1415186272.15317.5.camel@citrix.com>
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta4.messagelabs.com ([85.158.143.247])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <lars.kurth.xen@gmail.com>) id 1XmPUl-0000Nq-GY
	for xen-devel@lists.xenproject.org; Thu, 06 Nov 2014 16:01:11 +0000
Received: by mail-wg0-f44.google.com with SMTP id x12so1574939wgg.3
	for <xen-devel@lists.xenproject.org>;
	Thu, 06 Nov 2014 08:01:10 -0800 (PST)
In-Reply-To: <1415186272.15317.5.camel@citrix.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Ian Campbell <Ian.Campbell@citrix.com>
Cc: Matt Wilson <msw@linux.com>, Ian Jackson <ijackson@chiark.greenend.org.uk>, xen-devel@lists.xenproject.org
List-Id: xen-devel@lists.xenproject.org


On 5 Nov 2014, at 11:17, Ian Campbell <Ian.Campbell@citrix.com> wrote:

> On Fri, 2014-10-31 at 15:40 -0700, Matt Wilson wrote:
>> I think that we should reduce any burden on the security team by
>> making this a community decision that is discussed in public, rather
>> than something that is handled exclusively in a closed manner as it is
>> today. This way others who are active community participants can help
>> with the decision making process can do the investigation and weigh in
>> on the risk/benefit tradeoff to the security process and the
>> project. See Message-ID: <20141021143053.GA22864@u109add4315675089e695.ant.amazon.com>
>> or [1] if you are willing to visit a URL. ;-)
>> 
>> There's been a bit of talk about "delay" and so on. I'd rather not set
>> expectations on how long the processing a petition to be added to the
>> predisclosure list should take. Building community consensus takes
>> time, just as it does for
> 
> I think regardless of who is processing the applications what is more
> important is to have a concrete set of *objective* criteria. Anyone who
> demonstrates that they meet those criteria must be allowed to join.

I don't think that having applications discussed and processed on a dedicated public list and objective criteria are mutually exclusive. The two may provide a good balance, and allow for some flexibility in ambiguous cases. 

In particular if we either have a strong owner or follow the "two +1 with no -1" model of a set of decision makers who earned that status over time. More or less what we use for access to Coverity Scan output. 

Regards
Lars