From mboxrd@z Thu Jan 1 00:00:00 1970 From: Alan Cox Subject: Re: Security vulnerability process, and CVE-2012-0217 Date: Mon, 2 Jul 2012 16:17:02 +0100 Message-ID: <20120702161702.7af2ff8d@pyramind.ukuu.org.uk> References: <20448.49637.38489.246434@mariner.uk.xensource.com> <4FE1AAB6020000780008AC16@nat28.tlf.novell.com> <4FE1C2E3020000780008AC77@nat28.tlf.novell.com> <1341237571.4625.94.camel@zakaz.uk.xensource.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <1341237571.4625.94.camel@zakaz.uk.xensource.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Ian Campbell Cc: George Dunlap , Ian Jackson , Jan Beulich , "xen-devel@lists.xen.org" List-Id: xen-devel@lists.xenproject.org > I think the default of accepting the disclosers position is a good one. > We want to encourage people to report such bugs to us and taking control > away from them is a good way to discourage them. You do need a standard answer for when they don't. > This is probably better, but also ties into the question of public > holidays in various territories. i.e. business day where... On a global basis you can't win. Saturday/Sunday are out, a chunk of the middle of summer the French are all away, then Chinese have golden week and so on and by the time you've blocked them all in your calendar is basically full. It's a global community so the counterpoint is that while someone is always on holiday, someone else is always at work. Alan