From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Subject: [PATCH v2 SECURITY-POLICY 0/9] Security policy
	ambiguities - XSA-108 process post-mortem
Date: Fri, 23 Jan 2015 19:31:11 +0000
Message-ID: <1422041480-1164-1-git-send-email-ijackson@chiark.greenend.org.uk>
References: <21689.27383.339939.319567@chiark.greenend.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <Ian.Jackson@citrix.com>) id 1YEjxD-00079h-4d
	for xen-devel@lists.xenproject.org; Fri, 23 Jan 2015 19:31:39 +0000
In-Reply-To: <21689.27383.339939.319567@chiark.greenend.org.uk>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: xen-devel@lists.xenproject.org
List-Id: xen-devel@lists.xenproject.org

I would like to propose the following series of changes to the Xen
Project Security Policy.  For readability I have presented them as
diffs to a reasonably-plausibly-formatted HTML.

The substance of each change is discussed in the corresponding commit
message.

I am going to wait a week to see if anyone has any further comments.
If not, I will ask the Xen Project Community Manager to conduct the
formal approval process.


You can find the git tree I am using here:
  http://xenbits.xen.org/gitweb/?p=people/iwj/security-process.git;a=shortlog;h\
=refs/heads/rebasing
The relevant changes are in master..rebasing.

I have put a copy of the bare HTML here:
  http://xenbits.xen.org/people/iwj/draft/security_vulnerability_process.html


This is v2 of the series of changes.  The only comments were minor and
technical, and have (I think) been addressed.  The changes in v2 of the
series compared to my previous patch-series proposal:
 * Add IMPLEMENTATION TASKS section to various of the commit messages
 * Minor wording changes (no semantic change compared to v1)
 * Better presentation of email addresses (no semantic change)

Thanks,
Ian.