* Vulnerability embargo dates - add your public holidays
@ 2017-05-10 13:38 Ian Jackson
2017-05-10 13:51 ` Juergen Gross
0 siblings, 1 reply; 7+ messages in thread
From: Ian Jackson @ 2017-05-10 13:38 UTC (permalink / raw)
To: xen-announce, xen-devel, xen-users; +Cc: security-team-members
When the Xen Project Security Team talks to discoverers about choice
of release dates for security vulnerabilities, we generally try to
avoid known public holidays (subject to other constraints such as the
discoverer's requirements, the Xen Project policy, and so on).
We wish to make this arrangement a bit more formal, and in particular
to provide discoverers (who ultimately decide disclosure dates) and
the Security Team (who often give advice) with good information to
support their decisions.
To this end we have created a wiki page where interested community
members can document public holidays which would affect their ability
to respond to security issues.
Please see:
https://wiki.xenproject.org/wiki/HolidayCalendar
If you would like your circumstances taken into account, please add to
the data for 2017 on that page.
Note that if you do not already have write access to the wiki, you'll
have to request it. Sorry for the inconvenience, and please see:
https://wiki.xenproject.org/wiki/Main_Page
Also, as the HolidayCalendar wiki page says:
Note that disclosure schedules are determined by the discoverers of
vulnerabilities who do not need to follow the guidelines in the Xen
Project policy. Where discoverers ask the Xen Project Security Team
for advice, or choose to follow the policy, the holiday information
here is advisory only. Because the policy requires us to consider
other factors too, we cannot guarantee to avoid holidays.
Ian.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Vulnerability embargo dates - add your public holidays
2017-05-10 13:38 Vulnerability embargo dates - add your public holidays Ian Jackson
@ 2017-05-10 13:51 ` Juergen Gross
2017-05-10 14:07 ` Ian Jackson
0 siblings, 1 reply; 7+ messages in thread
From: Juergen Gross @ 2017-05-10 13:51 UTC (permalink / raw)
To: Ian Jackson, xen-announce, xen-devel, xen-users; +Cc: security-team-members
On 10/05/17 15:38, Ian Jackson wrote:
> When the Xen Project Security Team talks to discoverers about choice
> of release dates for security vulnerabilities, we generally try to
> avoid known public holidays (subject to other constraints such as the
> discoverer's requirements, the Xen Project policy, and so on).
>
> We wish to make this arrangement a bit more formal, and in particular
> to provide discoverers (who ultimately decide disclosure dates) and
> the Security Team (who often give advice) with good information to
> support their decisions.
>
> To this end we have created a wiki page where interested community
> members can document public holidays which would affect their ability
> to respond to security issues.
>
> Please see:
> https://wiki.xenproject.org/wiki/HolidayCalendar
Are you planning to add a link to this page somewhere in the wiki?
Juergen
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Vulnerability embargo dates - add your public holidays
2017-05-10 13:51 ` Juergen Gross
@ 2017-05-10 14:07 ` Ian Jackson
2017-05-10 14:31 ` Juergen Gross
0 siblings, 1 reply; 7+ messages in thread
From: Ian Jackson @ 2017-05-10 14:07 UTC (permalink / raw)
To: Juergen Gross; +Cc: xen-devel, security-team-members, xen-users
(dropping announce)
Juergen Gross writes ("Re: [Xen-devel] Vulnerability embargo dates - add your public holidays"):
> On 10/05/17 15:38, Ian Jackson wrote:
> > Please see:
> > https://wiki.xenproject.org/wiki/HolidayCalendar
>
> Are you planning to add a link to this page somewhere in the wiki?
I haven't done so. I guess it would be a good idea. Please go ahead
and do so :-).
Ian.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Vulnerability embargo dates - add your public holidays
2017-05-10 14:07 ` Ian Jackson
@ 2017-05-10 14:31 ` Juergen Gross
2017-05-10 14:37 ` Lars Kurth
0 siblings, 1 reply; 7+ messages in thread
From: Juergen Gross @ 2017-05-10 14:31 UTC (permalink / raw)
To: Ian Jackson; +Cc: xen-devel, security-team-members, xen-users
On 10/05/17 16:07, Ian Jackson wrote:
> (dropping announce)
>
> Juergen Gross writes ("Re: [Xen-devel] Vulnerability embargo dates - add your public holidays"):
>> On 10/05/17 15:38, Ian Jackson wrote:
>>> Please see:
>>> https://wiki.xenproject.org/wiki/HolidayCalendar
>>
>> Are you planning to add a link to this page somewhere in the wiki?
>
> I haven't done so. I guess it would be a good idea. Please go ahead
> and do so :-).
Okay. But where?
I guess the most logical place would be the "Xen security problem
response process" definition, which I obviously can't change.
Another place would be:
https://wiki.xenproject.org/wiki/Security_Announcements_(Historical)
Any other ideas?
Juergen
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Vulnerability embargo dates - add your public holidays
2017-05-10 14:31 ` Juergen Gross
@ 2017-05-10 14:37 ` Lars Kurth
2017-05-10 14:59 ` Lars Kurth
0 siblings, 1 reply; 7+ messages in thread
From: Lars Kurth @ 2017-05-10 14:37 UTC (permalink / raw)
To: Juergen Gross; +Cc: xen-devel, security-team-members, Ian Jackson, xen-users
> On 10 May 2017, at 15:31, Juergen Gross <jgross@suse.com> wrote:
>
> On 10/05/17 16:07, Ian Jackson wrote:
>> (dropping announce)
>>
>> Juergen Gross writes ("Re: [Xen-devel] Vulnerability embargo dates - add your public holidays"):
>>> On 10/05/17 15:38, Ian Jackson wrote:
>>>> Please see:
>>>> https://wiki.xenproject.org/wiki/HolidayCalendar
>>>
>>> Are you planning to add a link to this page somewhere in the wiki?
>>
>> I haven't done so. I guess it would be a good idea. Please go ahead
>> and do so :-).
>
> Okay. But where?
>
> I guess the most logical place would be the "Xen security problem
> response process" definition, which I obviously can't change.
>
> Another place would be:
>
> https://wiki.xenproject.org/wiki/Security_Announcements_(Historical)
>
> Any other ideas?
I can put a widget on the security response page on xenproject.org (there is already one, linking to PGP keys, etc.)
Lars
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Vulnerability embargo dates - add your public holidays
2017-05-10 14:37 ` Lars Kurth
@ 2017-05-10 14:59 ` Lars Kurth
2017-05-10 15:56 ` Juergen Gross
0 siblings, 1 reply; 7+ messages in thread
From: Lars Kurth @ 2017-05-10 14:59 UTC (permalink / raw)
To: Juergen Gross; +Cc: xen-devel, security-team-members, Ian Jackson, xen-users
> On 10 May 2017, at 15:37, Lars Kurth <lars.kurth.xen@gmail.com> wrote:
>
>>
>> On 10 May 2017, at 15:31, Juergen Gross <jgross@suse.com> wrote:
>>
>> On 10/05/17 16:07, Ian Jackson wrote:
>>> (dropping announce)
>>>
>>> Juergen Gross writes ("Re: [Xen-devel] Vulnerability embargo dates - add your public holidays"):
>>>> On 10/05/17 15:38, Ian Jackson wrote:
>>>>> Please see:
>>>>> https://wiki.xenproject.org/wiki/HolidayCalendar
>>>>
>>>> Are you planning to add a link to this page somewhere in the wiki?
>>>
>>> I haven't done so. I guess it would be a good idea. Please go ahead
>>> and do so :-).
>>
>> Okay. But where?
>>
>> I guess the most logical place would be the "Xen security problem
>> response process" definition, which I obviously can't change.
>>
>> Another place would be:
>>
>> https://wiki.xenproject.org/wiki/Security_Announcements_(Historical)
>>
>> Any other ideas?
>
> I can put a widget on the security response page on xenproject.org (there is already one, linking to PGP keys, etc.)
I added "SECURITY POLICY RELATED DOCUMENTS" (top right) to https://xenproject.org/security-policy.html
Let me know if that works
Lars
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Vulnerability embargo dates - add your public holidays
2017-05-10 14:59 ` Lars Kurth
@ 2017-05-10 15:56 ` Juergen Gross
0 siblings, 0 replies; 7+ messages in thread
From: Juergen Gross @ 2017-05-10 15:56 UTC (permalink / raw)
To: Lars Kurth; +Cc: xen-devel, security-team-members, Ian Jackson, xen-users
On 10/05/17 16:59, Lars Kurth wrote:
>
>> On 10 May 2017, at 15:37, Lars Kurth <lars.kurth.xen@gmail.com> wrote:
>>
>>>
>>> On 10 May 2017, at 15:31, Juergen Gross <jgross@suse.com> wrote:
>>>
>>> On 10/05/17 16:07, Ian Jackson wrote:
>>>> (dropping announce)
>>>>
>>>> Juergen Gross writes ("Re: [Xen-devel] Vulnerability embargo dates - add your public holidays"):
>>>>> On 10/05/17 15:38, Ian Jackson wrote:
>>>>>> Please see:
>>>>>> https://wiki.xenproject.org/wiki/HolidayCalendar
>>>>>
>>>>> Are you planning to add a link to this page somewhere in the wiki?
>>>>
>>>> I haven't done so. I guess it would be a good idea. Please go ahead
>>>> and do so :-).
>>>
>>> Okay. But where?
>>>
>>> I guess the most logical place would be the "Xen security problem
>>> response process" definition, which I obviously can't change.
>>>
>>> Another place would be:
>>>
>>> https://wiki.xenproject.org/wiki/Security_Announcements_(Historical)
>>>
>>> Any other ideas?
>>
>> I can put a widget on the security response page on xenproject.org (there is already one, linking to PGP keys, etc.)
>
> I added "SECURITY POLICY RELATED DOCUMENTS" (top right) to https://xenproject.org/security-policy.html
>
> Let me know if that works
It does. :-)
Thanks,
Juergen
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2017-05-10 15:56 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-10 13:38 Vulnerability embargo dates - add your public holidays Ian Jackson
2017-05-10 13:51 ` Juergen Gross
2017-05-10 14:07 ` Ian Jackson
2017-05-10 14:31 ` Juergen Gross
2017-05-10 14:37 ` Lars Kurth
2017-05-10 14:59 ` Lars Kurth
2017-05-10 15:56 ` Juergen Gross
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.