* [RFC Patch] Make Security Policy Doc ready to become a CNA
@ 2018-03-19 16:20 Lars Kurth
0 siblings, 0 replies; 5+ messages in thread
From: Lars Kurth @ 2018-03-19 16:20 UTC (permalink / raw)
To: xen-devel; +Cc: committers, security
This contains a proposal to change https://xenproject.org/security-policy.html such
that it points to SUPPORT.md. Having scope and process information is necessary
to become a CNA. This is the last piece, before formally asking to become a CNA.
To make the review of this easier, I based it on xenbits:/larsk/governance.git
Note that I still need to fix the final URL and also add the change to the
changelog.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [RFC PATCH] Make Security Policy Doc ready to become a CNA
2018-03-21 8:17 ` Lars Kurth
@ 2018-04-04 8:13 ` Lars Kurth
0 siblings, 0 replies; 5+ messages in thread
From: Lars Kurth @ 2018-04-04 8:13 UTC (permalink / raw)
To: Lars Kurth, George Dunlap, Ian Jackson; +Cc: xen-devel, committers, security
[-- Attachment #1.1: Type: text/plain, Size: 2572 bytes --]
Ian,
can we agree on a final URL for the generated docs (the ones generated from SUPPORT.md). That would enable me to send out a new series
Lars
From: Lars Kurth <lars.kurth.xen@gmail.com>
Date: Wednesday, 21 March 2018 at 09:18
To: George Dunlap <George.Dunlap@citrix.com>
Cc: Lars Kurth <lars.kurth@citrix.com>, xen-devel <xen-devel@lists.xenproject.org>, "committers@xenproject.org" <committers@xenproject.org>, "security@xenproject.org" <security@xenproject.org>
Subject: Re: [RFC PATCH] Make Security Policy Doc ready to become a CNA
On 20 Mar 2018, at 17:38, George Dunlap <george.dunlap@citrix.com<mailto:george.dunlap@citrix.com>> wrote:
On 03/19/2018 04:37 PM, Lars Kurth wrote:
And this time with patch: note to myself - never try sendmail with --compose again (-;
This patch contains a proposal to change https://xenproject.org/security-policy.html
such that it points to SUPPORT.md. Having scope and process information is necessary
to become a CNA. This is the last piece, before formally asking to become a CNA.
To make the review of this easier, I based it on xenbits:/larsk/governance.git
(contains the pandoc as published today and the html)
Regards
Lars
---
[PATCH] Make Security Policy Doc ready to become a CNA
To become a CNA, we need to more clearly specifiy the scope of
security support. This change updates the document and points
to SUPPORT.md and pages generated from SUPPORT.md
Expected changes:
- Resend once the URL that is currently open has been agreed
with Ian Jackson
Signed-off-by: Lars Kurth <lars.kurth@citrix.com<mailto:lars.kurth@citrix.com>>
---
security-policy.pandoc | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/security-policy.pandoc b/security-policy.pandoc
index 5783183..22e274b 100644
--- a/security-policy.pandoc
+++ b/security-policy.pandoc
@@ -19,6 +19,14 @@ Scope of this process
This process primarily covers the [Xen Hypervisor
Project](index.php?option=com_content&view=article&id=82:xen-hypervisor&catid=80:developers&Itemid=484).
+Specific information about features with security support can be found in
+
+1. [SUPPORT.md](http://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=SUPPORT.md)
+ in the releases' tar ball and its xen.git tree and on
+ [web pages generated from the SUPPORT.md file](add URL)
Not sure we should include the direct (ugly) link. Other than that
looks OK to me.
No strong opinion either way. There is no real harm in having it and it's just a link on the final document
Lars
[-- Attachment #1.2: Type: text/html, Size: 8106 bytes --]
[-- Attachment #2: Type: text/plain, Size: 157 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [RFC PATCH] Make Security Policy Doc ready to become a CNA
2018-03-20 16:38 ` George Dunlap
@ 2018-03-21 8:17 ` Lars Kurth
2018-04-04 8:13 ` Lars Kurth
0 siblings, 1 reply; 5+ messages in thread
From: Lars Kurth @ 2018-03-21 8:17 UTC (permalink / raw)
To: George Dunlap; +Cc: Lars Kurth, committers, security, xen-devel
[-- Attachment #1.1: Type: text/plain, Size: 2085 bytes --]
> On 20 Mar 2018, at 17:38, George Dunlap <george.dunlap@citrix.com> wrote:
>
> On 03/19/2018 04:37 PM, Lars Kurth wrote:
>> And this time with patch: note to myself - never try sendmail with --compose again (-;
>>
>> This patch contains a proposal to change https://xenproject.org/security-policy.html
>> such that it points to SUPPORT.md. Having scope and process information is necessary
>> to become a CNA. This is the last piece, before formally asking to become a CNA.
>>
>> To make the review of this easier, I based it on xenbits:/larsk/governance.git
>> (contains the pandoc as published today and the html)
>>
>> Regards
>> Lars
>> ---
>> [PATCH] Make Security Policy Doc ready to become a CNA
>>
>> To become a CNA, we need to more clearly specifiy the scope of
>> security support. This change updates the document and points
>> to SUPPORT.md and pages generated from SUPPORT.md
>>
>> Expected changes:
>> - Resend once the URL that is currently open has been agreed
>> with Ian Jackson
>>
>> Signed-off-by: Lars Kurth <lars.kurth@citrix.com>
>> ---
>> security-policy.pandoc | 10 +++++++++-
>> 1 file changed, 9 insertions(+), 1 deletion(-)
>>
>> diff --git a/security-policy.pandoc b/security-policy.pandoc
>> index 5783183..22e274b 100644
>> --- a/security-policy.pandoc
>> +++ b/security-policy.pandoc
>> @@ -19,6 +19,14 @@ Scope of this process
>>
>> This process primarily covers the [Xen Hypervisor
>> Project](index.php?option=com_content&view=article&id=82:xen-hypervisor&catid=80:developers&Itemid=484).
>> +Specific information about features with security support can be found in
>> +
>> +1. [SUPPORT.md](http://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=SUPPORT.md)
>> + in the releases' tar ball and its xen.git tree and on
>> + [web pages generated from the SUPPORT.md file](add URL)
>
> Not sure we should include the direct (ugly) link. Other than that
> looks OK to me.
No strong opinion either way. There is no real harm in having it and it's just a link on the final document
Lars
[-- Attachment #1.2: Type: text/html, Size: 5733 bytes --]
[-- Attachment #2: Type: text/plain, Size: 157 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [RFC PATCH] Make Security Policy Doc ready to become a CNA
2018-03-19 16:37 [RFC PATCH] " Lars Kurth
@ 2018-03-20 16:38 ` George Dunlap
2018-03-21 8:17 ` Lars Kurth
0 siblings, 1 reply; 5+ messages in thread
From: George Dunlap @ 2018-03-20 16:38 UTC (permalink / raw)
To: Lars Kurth, xen-devel, committers, security
On 03/19/2018 04:37 PM, Lars Kurth wrote:
> And this time with patch: note to myself - never try sendmail with --compose again (-;
>
> This patch contains a proposal to change https://xenproject.org/security-policy.html
> such that it points to SUPPORT.md. Having scope and process information is necessary
> to become a CNA. This is the last piece, before formally asking to become a CNA.
>
> To make the review of this easier, I based it on xenbits:/larsk/governance.git
> (contains the pandoc as published today and the html)
>
> Regards
> Lars
> ---
> [PATCH] Make Security Policy Doc ready to become a CNA
>
> To become a CNA, we need to more clearly specifiy the scope of
> security support. This change updates the document and points
> to SUPPORT.md and pages generated from SUPPORT.md
>
> Expected changes:
> - Resend once the URL that is currently open has been agreed
> with Ian Jackson
>
> Signed-off-by: Lars Kurth <lars.kurth@citrix.com>
> ---
> security-policy.pandoc | 10 +++++++++-
> 1 file changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/security-policy.pandoc b/security-policy.pandoc
> index 5783183..22e274b 100644
> --- a/security-policy.pandoc
> +++ b/security-policy.pandoc
> @@ -19,6 +19,14 @@ Scope of this process
>
> This process primarily covers the [Xen Hypervisor
> Project](index.php?option=com_content&view=article&id=82:xen-hypervisor&catid=80:developers&Itemid=484).
> +Specific information about features with security support can be found in
> +
> +1. [SUPPORT.md](http://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=SUPPORT.md)
> + in the releases' tar ball and its xen.git tree and on
> + [web pages generated from the SUPPORT.md file](add URL)
Not sure we should include the direct (ugly) link. Other than that
looks OK to me.
-George
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 5+ messages in thread
* [RFC PATCH] Make Security Policy Doc ready to become a CNA
@ 2018-03-19 16:37 Lars Kurth
2018-03-20 16:38 ` George Dunlap
0 siblings, 1 reply; 5+ messages in thread
From: Lars Kurth @ 2018-03-19 16:37 UTC (permalink / raw)
To: xen-devel, committers, security
And this time with patch: note to myself - never try sendmail with --compose again (-;
This patch contains a proposal to change https://xenproject.org/security-policy.html
such that it points to SUPPORT.md. Having scope and process information is necessary
to become a CNA. This is the last piece, before formally asking to become a CNA.
To make the review of this easier, I based it on xenbits:/larsk/governance.git
(contains the pandoc as published today and the html)
Regards
Lars
---
[PATCH] Make Security Policy Doc ready to become a CNA
To become a CNA, we need to more clearly specifiy the scope of
security support. This change updates the document and points
to SUPPORT.md and pages generated from SUPPORT.md
Expected changes:
- Resend once the URL that is currently open has been agreed
with Ian Jackson
Signed-off-by: Lars Kurth <lars.kurth@citrix.com>
---
security-policy.pandoc | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/security-policy.pandoc b/security-policy.pandoc
index 5783183..22e274b 100644
--- a/security-policy.pandoc
+++ b/security-policy.pandoc
@@ -19,6 +19,14 @@ Scope of this process
This process primarily covers the [Xen Hypervisor
Project](index.php?option=com_content&view=article&id=82:xen-hypervisor&catid=80:developers&Itemid=484).
+Specific information about features with security support can be found in
+
+1. [SUPPORT.md](http://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=SUPPORT.md)
+ in the releases' tar ball and its xen.git tree and on
+ [web pages generated from the SUPPORT.md file](add URL)
+2. For releases that do not contain SUPPORT.md, this information can be found
+ pm the [Release Feature wiki page](https://wiki.xenproject.org/wiki/Xen_Project_Release_Features)
+
Vulnerabilties reported against other Xen Project teams will be handled on a
best effort basis by the relevant Project Lead together with the Security
Response Team.
@@ -401,7 +409,7 @@ Change History
--------------
<div class="box-note">
-
+- **v3.18 March 19th 2017:** Added reference to SUPPORT.md
- **v3.17 July 20th 2017:** Added Zynstra
- **v3.16 April 21st 2017:** Added HostPapa
- **v3.15 March 21st 2017:** Added CloudVPS (Feb 13) and BitDefender SRL
--
2.13.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply related [flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-04-04 8:13 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-03-19 16:20 [RFC Patch] Make Security Policy Doc ready to become a CNA Lars Kurth
2018-03-19 16:37 [RFC PATCH] " Lars Kurth
2018-03-20 16:38 ` George Dunlap
2018-03-21 8:17 ` Lars Kurth
2018-04-04 8:13 ` Lars Kurth
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.