From: Keir Fraser
Subject: Re: Security support for debug=y builds (Was Re: Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only))
Date: Mon, 07 Jan 2013 16:22:43 +0000
To: James Bulpin, Andrew Cooper
Cc: xen-users, "xen-devel@lists.xen.org"

On 07/01/2013 12:58, "James Bulpin" wrote:

> On Mon, 2013-01-07 at 11:21 +0000, Andrew Cooper wrote:
>> On 07/01/13 11:08, Keir Fraser wrote:
>>> On 07/01/2013 10:21, "Ian Campbell" wrote:
>>>> * debug=y bugs are Just Bugs and not security issues. i.e. they
>>>> are discussed and fixed publicly on xen-devel and the fix is
>>>> checked in in the usual way. There is no embargo or specific
>>>> announcement. changelog may or may not refer to the security
>>>> implications if debug=y is enabled.
>>> This is my preference. I consider debug builds to be developer builds, and
>>> wouldn't expect to see them used in production environments. We set debug=n
>>> by default in our stable branches for that reason.
>>>
>>> -- Keir
>>
>> I second this opinion. Production environments should not be running
>> development builds.
>
> +1 but I'd still like to see such issues backported to stable branches.

Yes, this already happens and will not change.

-- Keir

> Cheers,
> James