* KVM call agenda for 2014-04-28 @ 2014-04-28 7:42 Juan Quintela 2014-04-28 7:44 ` Venkateswara Rao Nandigam 2014-04-28 15:34 ` [Qemu-devel] " Markus Armbruster 0 siblings, 2 replies; 15+ messages in thread From: Juan Quintela @ 2014-04-28 7:42 UTC (permalink / raw) To: KVM devel mailing list, qemu list Hi Please, send any topic that you are interested in covering. Thanks, Juan. Call details: 15:00 CEST 13:00 UTC 09:00 EDT Every two weeks If you need phone number details, contact me privately. ^ permalink raw reply [flat|nested] 15+ messages in thread
* RE: KVM call agenda for 2014-04-28 2014-04-28 7:42 KVM call agenda for 2014-04-28 Juan Quintela @ 2014-04-28 7:44 ` Venkateswara Rao Nandigam 2014-04-29 12:33 ` Juan Quintela 2014-04-28 15:34 ` [Qemu-devel] " Markus Armbruster 1 sibling, 1 reply; 15+ messages in thread From: Venkateswara Rao Nandigam @ 2014-04-28 7:44 UTC (permalink / raw) To: quintela, KVM devel mailing list, qemu list What is the Phone numbers of the call? -----Original Message----- From: kvm-owner@vger.kernel.org [mailto:kvm-owner@vger.kernel.org] On Behalf Of Juan Quintela Sent: Monday, April 28, 2014 1:13 PM To: KVM devel mailing list; qemu list Subject: KVM call agenda for 2014-04-28 Hi Please, send any topic that you are interested in covering. Thanks, Juan. Call details: 15:00 CEST 13:00 UTC 09:00 EDT Every two weeks If you need phone number details, contact me privately. -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: KVM call agenda for 2014-04-28 2014-04-28 7:44 ` Venkateswara Rao Nandigam @ 2014-04-29 12:33 ` Juan Quintela 0 siblings, 0 replies; 15+ messages in thread From: Juan Quintela @ 2014-04-29 12:33 UTC (permalink / raw) To: Venkateswara Rao Nandigam; +Cc: KVM devel mailing list, qemu list Venkateswara Rao Nandigam <venkateswararao.nandigam@citrix.com> wrote: > What is the Phone numbers of the call? Can you told me where you are based, and I can search for I hope one of the numbers is good for you O:-) Bi-weekly conference to discuss kvm and qemu issues. Conference Code: 5402697718 For the phone numbers, visit that page: https://www-emea.intercallonline.com/listNumbersByCode.action?confCode=5402697718 If you have any problem, let me know. > > -----Original Message----- > From: kvm-owner@vger.kernel.org [mailto:kvm-owner@vger.kernel.org] On > Behalf Of Juan Quintela > Sent: Monday, April 28, 2014 1:13 PM > To: KVM devel mailing list; qemu list > Subject: KVM call agenda for 2014-04-28 > > > Hi > > Please, send any topic that you are interested in covering. > > Thanks, Juan. > > Call details: > > 15:00 CEST > 13:00 UTC > 09:00 EDT > > Every two weeks > > If you need phone number details, contact me privately. > -- > To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [Qemu-devel] KVM call agenda for 2014-04-28 2014-04-28 7:42 KVM call agenda for 2014-04-28 Juan Quintela 2014-04-28 7:44 ` Venkateswara Rao Nandigam @ 2014-04-28 15:34 ` Markus Armbruster 2014-04-29 5:51 ` Michael S. Tsirkin 2014-04-29 8:54 ` Alexander Graf 1 sibling, 2 replies; 15+ messages in thread From: Markus Armbruster @ 2014-04-28 15:34 UTC (permalink / raw) To: quintela; +Cc: KVM devel mailing list, qemu list Juan Quintela <quintela@redhat.com> writes: > Hi > > Please, send any topic that you are interested in covering. [...] I'd like to have these things settled sooner than five minutes before the scheduled hour, so here goes: call or no call? Agenda? ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: KVM call agenda for 2014-04-28 2014-04-28 15:34 ` [Qemu-devel] " Markus Armbruster @ 2014-04-29 5:51 ` Michael S. Tsirkin 2014-04-29 8:56 ` [Qemu-devel] " Peter Maydell 2014-04-29 8:54 ` Alexander Graf 1 sibling, 1 reply; 15+ messages in thread From: Michael S. Tsirkin @ 2014-04-29 5:51 UTC (permalink / raw) To: Markus Armbruster; +Cc: quintela, qemu list, KVM devel mailing list On Mon, Apr 28, 2014 at 05:34:34PM +0200, Markus Armbruster wrote: > Juan Quintela <quintela@redhat.com> writes: > > > Hi > > > > Please, send any topic that you are interested in covering. > > [...] > > I'd like to have these things settled sooner than five minutes before > the scheduled hour, so here goes: call or no call? Agenda? If not too late, I'd like to discuss our security process. Do we as the project generally agree to use responsible disclosure policy http://en.wikipedia.org/wiki/Responsible_disclosure ? ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [Qemu-devel] KVM call agenda for 2014-04-28 2014-04-29 5:51 ` Michael S. Tsirkin @ 2014-04-29 8:56 ` Peter Maydell 2014-04-29 10:09 ` Michael S. Tsirkin 0 siblings, 1 reply; 15+ messages in thread From: Peter Maydell @ 2014-04-29 8:56 UTC (permalink / raw) To: Michael S. Tsirkin Cc: Markus Armbruster, qemu list, KVM devel mailing list, Juan Quintela On 29 April 2014 06:51, Michael S. Tsirkin <mst@redhat.com> wrote: > If not too late, I'd like to discuss our security process. > Do we as the project generally agree to use responsible disclosure policy > http://en.wikipedia.org/wiki/Responsible_disclosure ? I think something like that makes sense. I'm a bit wary that we write up some complicated policy that we're not then in practice capable of executing given our level of resources. We should certainly write out some documentation though... thanks -- PMM ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [Qemu-devel] KVM call agenda for 2014-04-28 2014-04-29 8:56 ` [Qemu-devel] " Peter Maydell @ 2014-04-29 10:09 ` Michael S. Tsirkin 2014-04-29 11:20 ` Peter Maydell 2014-04-29 13:05 ` Stefan Hajnoczi 0 siblings, 2 replies; 15+ messages in thread From: Michael S. Tsirkin @ 2014-04-29 10:09 UTC (permalink / raw) To: Peter Maydell Cc: Markus Armbruster, qemu list, KVM devel mailing list, Juan Quintela On Tue, Apr 29, 2014 at 09:56:19AM +0100, Peter Maydell wrote: > On 29 April 2014 06:51, Michael S. Tsirkin <mst@redhat.com> wrote: > > If not too late, I'd like to discuss our security process. > > Do we as the project generally agree to use responsible disclosure policy > > http://en.wikipedia.org/wiki/Responsible_disclosure ? > > I think something like that makes sense. I'm a bit wary that > we write up some complicated policy that we're not then > in practice capable of executing given our level of resources. > We should certainly write out some documentation though... > > thanks > -- PMM I didn't have anything complex in mind. Let's just make clear how to contact us securely, when to contact that list, and what we'll do with the info. I cobbled together the following: http://wiki.qemu.org/SecurityProcess -- MST ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: KVM call agenda for 2014-04-28 2014-04-29 10:09 ` Michael S. Tsirkin @ 2014-04-29 11:20 ` Peter Maydell 2014-04-29 12:33 ` [Qemu-devel] " Markus Armbruster 2014-04-29 13:05 ` Stefan Hajnoczi 1 sibling, 1 reply; 15+ messages in thread From: Peter Maydell @ 2014-04-29 11:20 UTC (permalink / raw) To: Michael S. Tsirkin Cc: Juan Quintela, Markus Armbruster, KVM devel mailing list, qemu list On 29 April 2014 11:09, Michael S. Tsirkin <mst@redhat.com> wrote: > Let's just make clear how to contact us securely, when to contact that > list, and what we'll do with the info. I cobbled together the > following: > http://wiki.qemu.org/SecurityProcess Looks generally OK I guess. I'd drop the 'how to use pgp' section -- anybody who cares will already know how to send us PGP email. thanks -- PMM ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [Qemu-devel] KVM call agenda for 2014-04-28 2014-04-29 11:20 ` Peter Maydell @ 2014-04-29 12:33 ` Markus Armbruster 2014-04-29 11:45 ` Michael S. Tsirkin 2014-04-29 12:55 ` Daniel P. Berrange 0 siblings, 2 replies; 15+ messages in thread From: Markus Armbruster @ 2014-04-29 12:33 UTC (permalink / raw) To: Peter Maydell Cc: Michael S. Tsirkin, Juan Quintela, KVM devel mailing list, qemu list Peter Maydell <peter.maydell@linaro.org> writes: > On 29 April 2014 11:09, Michael S. Tsirkin <mst@redhat.com> wrote: >> Let's just make clear how to contact us securely, when to contact that >> list, and what we'll do with the info. I cobbled together the >> following: >> http://wiki.qemu.org/SecurityProcess > > Looks generally OK I guess. I'd drop the 'how to use pgp' section -- > anybody who cares will already know how to send us PGP email. The first paragraph under "How to Contact Us Securely" is fine, the rest seems redundant for readers familiar with PGP, yet hardly sufficient for the rest. One thing I like about Libvirt's Security Process page[*] is they give an idea on embargo duration. [*] http://libvirt.org/securityprocess.html ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [Qemu-devel] KVM call agenda for 2014-04-28 2014-04-29 12:33 ` [Qemu-devel] " Markus Armbruster @ 2014-04-29 11:45 ` Michael S. Tsirkin 2014-04-29 12:55 ` Daniel P. Berrange 1 sibling, 0 replies; 15+ messages in thread From: Michael S. Tsirkin @ 2014-04-29 11:45 UTC (permalink / raw) To: Markus Armbruster Cc: Peter Maydell, Juan Quintela, KVM devel mailing list, qemu list On Tue, Apr 29, 2014 at 02:33:58PM +0200, Markus Armbruster wrote: > Peter Maydell <peter.maydell@linaro.org> writes: > > > On 29 April 2014 11:09, Michael S. Tsirkin <mst@redhat.com> wrote: > >> Let's just make clear how to contact us securely, when to contact that > >> list, and what we'll do with the info. I cobbled together the > >> following: > >> http://wiki.qemu.org/SecurityProcess > > > > Looks generally OK I guess. I'd drop the 'how to use pgp' section -- > > anybody who cares will already know how to send us PGP email. > > The first paragraph under "How to Contact Us Securely" is fine, the rest > seems redundant for readers familiar with PGP, yet hardly sufficient for > the rest. > > One thing I like about Libvirt's Security Process page[*] is they give > an idea on embargo duration. > > > [*] http://libvirt.org/securityprocess.html I don't have an idea though. Do you? Let's try the process for a while, see how well we manage in practice. ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: KVM call agenda for 2014-04-28 2014-04-29 12:33 ` [Qemu-devel] " Markus Armbruster 2014-04-29 11:45 ` Michael S. Tsirkin @ 2014-04-29 12:55 ` Daniel P. Berrange 2014-04-29 13:31 ` [Qemu-devel] " Markus Armbruster 1 sibling, 1 reply; 15+ messages in thread From: Daniel P. Berrange @ 2014-04-29 12:55 UTC (permalink / raw) To: Markus Armbruster Cc: Peter Maydell, Michael S. Tsirkin, qemu list, KVM devel mailing list, Juan Quintela On Tue, Apr 29, 2014 at 02:33:58PM +0200, Markus Armbruster wrote: > Peter Maydell <peter.maydell@linaro.org> writes: > > > On 29 April 2014 11:09, Michael S. Tsirkin <mst@redhat.com> wrote: > >> Let's just make clear how to contact us securely, when to contact that > >> list, and what we'll do with the info. I cobbled together the > >> following: > >> http://wiki.qemu.org/SecurityProcess > > > > Looks generally OK I guess. I'd drop the 'how to use pgp' section -- > > anybody who cares will already know how to send us PGP email. > > The first paragraph under "How to Contact Us Securely" is fine, the rest > seems redundant for readers familiar with PGP, yet hardly sufficient for > the rest. > > One thing I like about Libvirt's Security Process page[*] is they give > an idea on embargo duration. FWIW I picked the "2 weeks" length myself a completely arbitrary timeframe. We haven't stuck to that strictly - we consider needs of each vulnerability as it is triaged to determine the minimum practical embargo time. So think of "2 weeks" as more of a guiding principal to show the world that we don't believe in keeping issues under embargo for very long periods of time. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [Qemu-devel] KVM call agenda for 2014-04-28 2014-04-29 12:55 ` Daniel P. Berrange @ 2014-04-29 13:31 ` Markus Armbruster 2014-04-29 12:57 ` Michael S. Tsirkin 0 siblings, 1 reply; 15+ messages in thread From: Markus Armbruster @ 2014-04-29 13:31 UTC (permalink / raw) To: Daniel P. Berrange Cc: Peter Maydell, Michael S. Tsirkin, qemu list, KVM devel mailing list, Juan Quintela "Daniel P. Berrange" <berrange@redhat.com> writes: > On Tue, Apr 29, 2014 at 02:33:58PM +0200, Markus Armbruster wrote: >> Peter Maydell <peter.maydell@linaro.org> writes: >> >> > On 29 April 2014 11:09, Michael S. Tsirkin <mst@redhat.com> wrote: >> >> Let's just make clear how to contact us securely, when to contact that >> >> list, and what we'll do with the info. I cobbled together the >> >> following: >> >> http://wiki.qemu.org/SecurityProcess >> > >> > Looks generally OK I guess. I'd drop the 'how to use pgp' section -- >> > anybody who cares will already know how to send us PGP email. >> >> The first paragraph under "How to Contact Us Securely" is fine, the rest >> seems redundant for readers familiar with PGP, yet hardly sufficient for >> the rest. >> >> One thing I like about Libvirt's Security Process page[*] is they give >> an idea on embargo duration. > > FWIW I picked the "2 weeks" length myself a completely arbitrary timeframe. > We haven't stuck to that strictly - we consider needs of each vulnerability > as it is triaged to determine the minimum practical embargo time. So think > of "2 weeks" as more of a guiding principal to show the world that we don't > believe in keeping issues under embargo for very long periods of time. Pretty much the way I read it :) The point I care about is a commitment to getting fixes out quickly, making clear we're not going to abuse "responsible disclosure" to cover dragging of feet and deflecting blame. ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [Qemu-devel] KVM call agenda for 2014-04-28 2014-04-29 13:31 ` [Qemu-devel] " Markus Armbruster @ 2014-04-29 12:57 ` Michael S. Tsirkin 0 siblings, 0 replies; 15+ messages in thread From: Michael S. Tsirkin @ 2014-04-29 12:57 UTC (permalink / raw) To: Markus Armbruster Cc: Daniel P. Berrange, Peter Maydell, qemu list, KVM devel mailing list, Juan Quintela On Tue, Apr 29, 2014 at 03:31:32PM +0200, Markus Armbruster wrote: > "Daniel P. Berrange" <berrange@redhat.com> writes: > > > On Tue, Apr 29, 2014 at 02:33:58PM +0200, Markus Armbruster wrote: > >> Peter Maydell <peter.maydell@linaro.org> writes: > >> > >> > On 29 April 2014 11:09, Michael S. Tsirkin <mst@redhat.com> wrote: > >> >> Let's just make clear how to contact us securely, when to contact that > >> >> list, and what we'll do with the info. I cobbled together the > >> >> following: > >> >> http://wiki.qemu.org/SecurityProcess > >> > > >> > Looks generally OK I guess. I'd drop the 'how to use pgp' section -- > >> > anybody who cares will already know how to send us PGP email. > >> > >> The first paragraph under "How to Contact Us Securely" is fine, the rest > >> seems redundant for readers familiar with PGP, yet hardly sufficient for > >> the rest. > >> > >> One thing I like about Libvirt's Security Process page[*] is they give > >> an idea on embargo duration. > > > > FWIW I picked the "2 weeks" length myself a completely arbitrary timeframe. > > We haven't stuck to that strictly - we consider needs of each vulnerability > > as it is triaged to determine the minimum practical embargo time. So think > > of "2 weeks" as more of a guiding principal to show the world that we don't > > believe in keeping issues under embargo for very long periods of time. > > Pretty much the way I read it :) > > The point I care about is a commitment to getting fixes out quickly, > making clear we're not going to abuse "responsible disclosure" to cover > dragging of feet and deflecting blame. Well it does say right at the top: "we aim to take immediate action to address serious security-related problems that involve our product". I don't see how by myself I can make a more specific commitment. If multiple maintainers can make a stronger guarantee, we can document it (it's a wiki :) It won't be easy to retract a promise once given, so let's tread carefully here. -- MST ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [Qemu-devel] KVM call agenda for 2014-04-28 2014-04-29 10:09 ` Michael S. Tsirkin 2014-04-29 11:20 ` Peter Maydell @ 2014-04-29 13:05 ` Stefan Hajnoczi 1 sibling, 0 replies; 15+ messages in thread From: Stefan Hajnoczi @ 2014-04-29 13:05 UTC (permalink / raw) To: Michael S. Tsirkin Cc: Peter Maydell, Juan Quintela, Markus Armbruster, KVM devel mailing list, qemu list On Tue, Apr 29, 2014 at 12:09 PM, Michael S. Tsirkin <mst@redhat.com> wrote: > On Tue, Apr 29, 2014 at 09:56:19AM +0100, Peter Maydell wrote: >> On 29 April 2014 06:51, Michael S. Tsirkin <mst@redhat.com> wrote: >> > If not too late, I'd like to discuss our security process. >> > Do we as the project generally agree to use responsible disclosure policy >> > http://en.wikipedia.org/wiki/Responsible_disclosure ? >> >> I think something like that makes sense. I'm a bit wary that >> we write up some complicated policy that we're not then >> in practice capable of executing given our level of resources. >> We should certainly write out some documentation though... >> >> thanks >> -- PMM > > I didn't have anything complex in mind. > > Let's just make clear how to contact us securely, when to contact that > list, and what we'll do with the info. I cobbled together the > following: > http://wiki.qemu.org/SecurityProcess Looks good. Responsible disclosure plus who to contact should be enough to help people report security issues properly. Stefan ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [Qemu-devel] KVM call agenda for 2014-04-28 2014-04-28 15:34 ` [Qemu-devel] " Markus Armbruster 2014-04-29 5:51 ` Michael S. Tsirkin @ 2014-04-29 8:54 ` Alexander Graf 1 sibling, 0 replies; 15+ messages in thread From: Alexander Graf @ 2014-04-29 8:54 UTC (permalink / raw) To: Markus Armbruster Cc: Juan Quintela, KVM devel mailing list, qemu list, Peter Maydell, Anthony Liguori, Andreas Färber, Stuart Yoder, Eric Auger On 28.04.2014, at 17:34, Markus Armbruster <armbru@redhat.com> wrote: > Juan Quintela <quintela@redhat.com> writes: > >> Hi >> >> Please, send any topic that you are interested in covering. > > [...] > > I'd like to have these things settled sooner than five minutes before > the scheduled hour, so here goes: call or no call? Agenda? I don't think we managed to fully conclude on a good way to assign sysbus/platbus devices into the guest using configuration data only, did we? Would be good to put that on today's agenda again and conclude on something, so people who need it can work into the right direction. Alex ^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2014-04-29 13:56 UTC | newest] Thread overview: 15+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2014-04-28 7:42 KVM call agenda for 2014-04-28 Juan Quintela 2014-04-28 7:44 ` Venkateswara Rao Nandigam 2014-04-29 12:33 ` Juan Quintela 2014-04-28 15:34 ` [Qemu-devel] " Markus Armbruster 2014-04-29 5:51 ` Michael S. Tsirkin 2014-04-29 8:56 ` [Qemu-devel] " Peter Maydell 2014-04-29 10:09 ` Michael S. Tsirkin 2014-04-29 11:20 ` Peter Maydell 2014-04-29 12:33 ` [Qemu-devel] " Markus Armbruster 2014-04-29 11:45 ` Michael S. Tsirkin 2014-04-29 12:55 ` Daniel P. Berrange 2014-04-29 13:31 ` [Qemu-devel] " Markus Armbruster 2014-04-29 12:57 ` Michael S. Tsirkin 2014-04-29 13:05 ` Stefan Hajnoczi 2014-04-29 8:54 ` Alexander Graf
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.