From: Ian Campbell <Ian.Campbell@citrix.com>
To: Andrew Cooper <Andrew.Cooper3@citrix.com>,
Lars Kurth <lars.kurth@xen.org>
Cc: xen-users <xen-users@lists.xen.org>,
"Keir (Xen.org)" <keir@xen.org>,
"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: Security support for debug=y builds (Was Re: Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only))
Date: Fri, 8 Feb 2013 11:25:24 +0000 [thread overview]
Message-ID: <1360322724.32479.159.camel@zakaz.uk.xensource.com> (raw)
In-Reply-To: <1357558616.7989.41.camel@zakaz.uk.xensource.com>
On Mon, 2013-01-07 at 11:36 +0000, Ian Campbell wrote:
> On Mon, 2013-01-07 at 11:21 +0000, Andrew Cooper wrote:
> > On 07/01/13 11:08, Keir Fraser wrote:
> > > On 07/01/2013 10:21, "Ian Campbell"<ijc@xen.org> wrote:
> > >> * debug=y bugs are Just Bugs and not security issues. i.e. they
> > >> are discussed and fixed publicly on xen-devel and the fix is
> > >> checked in in the usual way. There is no embargo or specific
> > >> announcement. changelog may or may not refer to the security
> > >> implications if debug=y is enabled.
> > > This is my preference. I consider debug builds to be developer builds, and
> > > wouldn't expect to see them used in production environments. We set debug=n
> > > by default in our stable branches for that reason.
> > >
> > > -- Keir
> >
> > I second this opinion. Production environments should not be running
> > development builds.
>
> I tried to keep my initial mail unbiased, but this is my opinion too.
Looks like we have a consensus on this then.
Lars, could you add some words to the doc?
e.g. under "Scope of this process".
This process primarily covers the Xen Hypervisor Project. Vulnerabilties
reported against other Xen.org projects will be handled on a best effort
basis by the relevant Project Lead together with the security team.
next prev parent reply other threads:[~2013-02-08 11:25 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <E1Tr9he-0007fM-NC@xenbits.xen.org>
2013-01-04 16:52 ` [PATCH] libxc: x86: ensure that the initial mapping fits into the guest's memory Ian Campbell
2013-01-07 7:00 ` Jan Beulich
2013-01-07 10:35 ` Jan Beulich
2013-01-07 10:37 ` Ian Campbell
2013-01-07 11:05 ` Jan Beulich
2013-01-07 11:39 ` Ian Campbell
2013-01-07 13:37 ` [PATCH V2] " Ian Campbell
2013-01-07 10:21 ` Security support for debug=y builds (Was Re: Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only)) Ian Campbell
2013-01-07 11:08 ` Keir Fraser
2013-01-07 11:21 ` Andrew Cooper
2013-01-07 11:36 ` Ian Campbell
2013-01-07 12:58 ` James Bulpin
2013-01-07 16:22 ` Keir Fraser
2013-02-08 11:25 ` Ian Campbell [this message]
2013-02-08 11:29 ` Ian Campbell
2013-02-08 11:29 ` Ian Campbell
2013-02-08 11:40 ` Jan Beulich
2013-02-08 11:47 ` Ian Campbell
2013-01-07 11:09 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1360322724.32479.159.camel@zakaz.uk.xensource.com \
--to=ian.campbell@citrix.com \
--cc=Andrew.Cooper3@citrix.com \
--cc=keir@xen.org \
--cc=lars.kurth@xen.org \
--cc=xen-devel@lists.xen.org \
--cc=xen-users@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.