Re: [Xen-devel] Vulnerability embargo dates - add your public holidays

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: [Xen-devel] Vulnerability embargo dates - add your public holidays

Juergen Gross-3
On 10/05/17 15:38, Ian Jackson wrote:

> When the Xen Project Security Team talks to discoverers about choice
> of release dates for security vulnerabilities, we generally try to
> avoid known public holidays (subject to other constraints such as the
> discoverer's requirements, the Xen Project policy, and so on).
>
> We wish to make this arrangement a bit more formal, and in particular
> to provide discoverers (who ultimately decide disclosure dates) and
> the Security Team (who often give advice) with good information to
> support their decisions.
>
> To this end we have created a wiki page where interested community
> members can document public holidays which would affect their ability
> to respond to security issues.
>
> Please see:
>   https://wiki.xenproject.org/wiki/HolidayCalendar

Are you planning to add a link to this page somewhere in the wiki?


Juergen

_______________________________________________
Xen-users mailing list
[hidden email]
https://lists.xen.org/xen-users
Reply | Threaded
Open this post in threaded view
|

Re: [Xen-devel] Vulnerability embargo dates - add your public holidays

Ian Jackson-2
(dropping announce)

Juergen Gross writes ("Re: [Xen-devel] Vulnerability embargo dates - add your public holidays"):
> On 10/05/17 15:38, Ian Jackson wrote:
> > Please see:
> >   https://wiki.xenproject.org/wiki/HolidayCalendar
>
> Are you planning to add a link to this page somewhere in the wiki?

I haven't done so.  I guess it would be a good idea.  Please go ahead
and do so :-).

Ian.

_______________________________________________
Xen-users mailing list
[hidden email]
https://lists.xen.org/xen-users
Reply | Threaded
Open this post in threaded view
|

Re: [Xen-devel] Vulnerability embargo dates - add your public holidays

Juergen Gross-3
On 10/05/17 16:07, Ian Jackson wrote:

> (dropping announce)
>
> Juergen Gross writes ("Re: [Xen-devel] Vulnerability embargo dates - add your public holidays"):
>> On 10/05/17 15:38, Ian Jackson wrote:
>>> Please see:
>>>   https://wiki.xenproject.org/wiki/HolidayCalendar
>>
>> Are you planning to add a link to this page somewhere in the wiki?
>
> I haven't done so.  I guess it would be a good idea.  Please go ahead
> and do so :-).

Okay. But where?

I guess the most logical place would be the "Xen security problem
response process" definition, which I obviously can't change.

Another place would be:

https://wiki.xenproject.org/wiki/Security_Announcements_(Historical)

Any other ideas?


Juergen

_______________________________________________
Xen-users mailing list
[hidden email]
https://lists.xen.org/xen-users
Reply | Threaded
Open this post in threaded view
|

Re: [Xen-devel] Vulnerability embargo dates - add your public holidays

Lars Kurth-4

> On 10 May 2017, at 15:31, Juergen Gross <[hidden email]> wrote:
>
> On 10/05/17 16:07, Ian Jackson wrote:
>> (dropping announce)
>>
>> Juergen Gross writes ("Re: [Xen-devel] Vulnerability embargo dates - add your public holidays"):
>>> On 10/05/17 15:38, Ian Jackson wrote:
>>>> Please see:
>>>>  https://wiki.xenproject.org/wiki/HolidayCalendar
>>>
>>> Are you planning to add a link to this page somewhere in the wiki?
>>
>> I haven't done so.  I guess it would be a good idea.  Please go ahead
>> and do so :-).
>
> Okay. But where?
>
> I guess the most logical place would be the "Xen security problem
> response process" definition, which I obviously can't change.
>
> Another place would be:
>
> https://wiki.xenproject.org/wiki/Security_Announcements_(Historical)
>
> Any other ideas?

I can put a widget on the security response page on xenproject.org (there is already one, linking to PGP keys, etc.)

Lars


_______________________________________________
Xen-users mailing list
[hidden email]
https://lists.xen.org/xen-users
Reply | Threaded
Open this post in threaded view
|

Re: [Xen-devel] Vulnerability embargo dates - add your public holidays

Lars Kurth-4

> On 10 May 2017, at 15:37, Lars Kurth <[hidden email]> wrote:
>
>>
>> On 10 May 2017, at 15:31, Juergen Gross <[hidden email]> wrote:
>>
>> On 10/05/17 16:07, Ian Jackson wrote:
>>> (dropping announce)
>>>
>>> Juergen Gross writes ("Re: [Xen-devel] Vulnerability embargo dates - add your public holidays"):
>>>> On 10/05/17 15:38, Ian Jackson wrote:
>>>>> Please see:
>>>>> https://wiki.xenproject.org/wiki/HolidayCalendar
>>>>
>>>> Are you planning to add a link to this page somewhere in the wiki?
>>>
>>> I haven't done so.  I guess it would be a good idea.  Please go ahead
>>> and do so :-).
>>
>> Okay. But where?
>>
>> I guess the most logical place would be the "Xen security problem
>> response process" definition, which I obviously can't change.
>>
>> Another place would be:
>>
>> https://wiki.xenproject.org/wiki/Security_Announcements_(Historical)
>>
>> Any other ideas?
>
> I can put a widget on the security response page on xenproject.org (there is already one, linking to PGP keys, etc.)

I added "SECURITY POLICY RELATED DOCUMENTS" (top right) to https://xenproject.org/security-policy.html

Let me know if that works

Lars
_______________________________________________
Xen-users mailing list
[hidden email]
https://lists.xen.org/xen-users
Reply | Threaded
Open this post in threaded view
|

Re: [Xen-devel] Vulnerability embargo dates - add your public holidays

Juergen Gross-3
On 10/05/17 16:59, Lars Kurth wrote:

>
>> On 10 May 2017, at 15:37, Lars Kurth <[hidden email]> wrote:
>>
>>>
>>> On 10 May 2017, at 15:31, Juergen Gross <[hidden email]> wrote:
>>>
>>> On 10/05/17 16:07, Ian Jackson wrote:
>>>> (dropping announce)
>>>>
>>>> Juergen Gross writes ("Re: [Xen-devel] Vulnerability embargo dates - add your public holidays"):
>>>>> On 10/05/17 15:38, Ian Jackson wrote:
>>>>>> Please see:
>>>>>> https://wiki.xenproject.org/wiki/HolidayCalendar
>>>>>
>>>>> Are you planning to add a link to this page somewhere in the wiki?
>>>>
>>>> I haven't done so.  I guess it would be a good idea.  Please go ahead
>>>> and do so :-).
>>>
>>> Okay. But where?
>>>
>>> I guess the most logical place would be the "Xen security problem
>>> response process" definition, which I obviously can't change.
>>>
>>> Another place would be:
>>>
>>> https://wiki.xenproject.org/wiki/Security_Announcements_(Historical)
>>>
>>> Any other ideas?
>>
>> I can put a widget on the security response page on xenproject.org (there is already one, linking to PGP keys, etc.)
>
> I added "SECURITY POLICY RELATED DOCUMENTS" (top right) to https://xenproject.org/security-policy.html
>
> Let me know if that works

It does. :-)


Thanks,

Juergen


_______________________________________________
Xen-users mailing list
[hidden email]
https://lists.xen.org/xen-users