From: Lars Kurth <lars.kurth@citrix.com>
To: xen-devel <xen-devel@lists.xenproject.org>
Cc: Ian Jackson <Ian.Jackson@citrix.com>,
"committers@xenproject.org" <committers@xenproject.org>,
"security@xenproject.org" <security@xenproject.org>
Subject: Re: [PATCH governance.git] Make Security Policy Doc ready to become a CNA
Date: Mon, 9 Apr 2018 15:02:39 +0000 [thread overview]
Message-ID: <C50E31D0-2237-4EAA-84EF-78B3469D2E22@citrix.com> (raw)
Note: this time with html disabled
To become a CNA, we need to more clearly specifiy the scope of
security support. This change updates the document and points
to SUPPORT.md and pages generated from SUPPORT.md
Also fixed a typo in the following paragraph.
Signed-off-by: Lars Kurth <lars.kurth@citrix.com>
---
security-policy.pandoc | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/security-policy.pandoc b/security-policy.pandoc
index 5783183..6796220 100644
--- a/security-policy.pandoc
+++ b/security-policy.pandoc
@@ -19,7 +19,15 @@ Scope of this process
This process primarily covers the [Xen Hypervisor
Project](index.php?option=com_content&view=article&id=82:xen-hypervisor&catid=80:developers&Itemid=484).
-Vulnerabilties reported against other Xen Project teams will be handled on a
+Specific information about features with security support can be found in
+
+1. [SUPPORT.md](http://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=SUPPORT.md)
+ in the releases' tar ball and its xen.git tree and on
+ [web pages generated from the SUPPORT.md file](http://xenbits.xenproject.org/docs/support/)
+2. For releases that do not contain SUPPORT.md, this information can be found
+ on the [Release Feature wiki page](https://wiki.xenproject.org/wiki/Xen_Project_Release_Features)
+
+Vulnerabilities reported against other Xen Project teams will be handled on a
best effort basis by the relevant Project Lead together with the Security
Response Team.
@@ -401,7 +409,7 @@ Change History
--------------
<div class="box-note">
-
+- **v3.18 April 9th 2017:** Added reference to SUPPORT.md
- **v3.17 July 20th 2017:** Added Zynstra
- **v3.16 April 21st 2017:** Added HostPapa
- **v3.15 March 21st 2017:** Added CloudVPS (Feb 13) and BitDefender SRL
--
2.13.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next reply other threads:[~2018-04-09 15:02 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-09 15:02 Lars Kurth [this message]
2018-04-10 8:12 ` [PATCH governance.git] Make Security Policy Doc ready to become a CNA Juergen Gross
2018-04-10 12:26 ` Lars Kurth
-- strict thread matches above, loose matches on Subject: below --
2018-04-09 14:59 Lars Kurth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=C50E31D0-2237-4EAA-84EF-78B3469D2E22@citrix.com \
--to=lars.kurth@citrix.com \
--cc=Ian.Jackson@citrix.com \
--cc=committers@xenproject.org \
--cc=security@xenproject.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.