From: "Jan Beulich"
Subject: Security support for debug=y builds (Was Re: Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only))
Date: Mon, 07 Jan 2013 11:09:52 +0000
Message-ID: <50EABB1002000078000B358A@nat28.tlf.novell.com>
References: <1357554072.14291.129.camel@zakaz.uk.xensource.com>
In-Reply-To: <1357554072.14291.129.camel@zakaz.uk.xensource.com>
To: Ian Campbell
Cc: "xen-devel@lists.xen.org"
List-Id: xen-devel@lists.xenproject.org

>>> On 07.01.13 at 11:21, Ian Campbell wrote:
> Options which I can think of are:
>
>       * debug=y bugs are Just Bugs and not security issues. i.e. they
>         are discussed and fixed publicly on xen-devel and the fix is
>         checked in in the usual way. There is no embargo or specific
>         announcement. changelog may or may not refer to the security
>         implications if debug=y is enabled.

+1

>       * debug=y bugs are security issues regardless, they are treated
>         like any other security issue, i.e. following the process[0].

-1

>       * debug=y bugs are somewhere in the middle. (perhaps no embargo,
>         less formal announcement etc etc)

+/-0

Jan