Re: About 'qemu-security' mailing list
From: P J P
Subject: Re: About 'qemu-security' mailing list
Date: Tue, 15 Sep 2020 16:18:47 +0530 (IST)
Hello,

+-- On Fri, 11 Sep 2020, Peter Maydell wrote --+
| Way way back, the idea of a qemu-security list was proposed, and it was
| decided against because there wasn't a clear way that people could send
| encrypted mail to the security team if it was just a mailing list. So that's
| why we have the "handful of individual contacts" approach. Is that still
| something people care about ?

* So far issue reports have mostly been unencrypted.
* All issue reports may not need encryption.
* If someone still wants to send an encrypted report, a few contacts with their
  GPG keys could be made available, as is available now.

+-- On Mon, 14 Sep 2020, Stefan Hajnoczi wrote --+
| On Fri, Sep 11, 2020 at 04:51:49PM +0100, Peter Maydell wrote:
| > want it to be a larger grouping than that and maybe also want to use it as
| > a mechanism for informing downstream distros etc about QEMU security
| > issues, which is to say you're proposing an overhaul and change to our
| > security process, not merely "we'd like to create a mailing list" ?
|
| Yes, please discuss the reasons for wanting a mailing list:
|
| Is the goal to involve more people in triaging CVEs in a timely manner?

This will be welcome for fix patches.

| Is the goal to include new people who have recently asked to participate?

We've not received any such request yet.

| Is the goal to use an easier workflow than manually sending encrypted
| email to a handful of people?

* The current proposal is more for enabling communities and downstream distros to
  know about the issues as and when they are reported, i.e. a heads-up mechanism.
  Just to note, we've not received any request for such notifications.
* If maintainers are on this list, that could help with the triage and fix
  patches.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D