[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v1 1/1] security-process: update process information
|
From: |
P J P |
|
Subject: |
Re: [PATCH v1 1/1] security-process: update process information |
|
Date: |
Thu, 3 Dec 2020 11:06:59 +0530 (IST) |
Hello Dan, Stefano,
+-- On Wed, 2 Dec 2020, Stefano Stabellini wrote --+
| On Wed, 2 Dec 2020, Daniel P. Berrangé wrote:
| > > + any third parties, including Xen Security Project, without your prior
| > > + permission.
| >
| > Why this explicit note about the Xen project ? What if we decide to want
| > a member of the Xen security team on the QEMU security mailing list so that
| > we can collaborate on triage ?
* While that's fair point, what I think it means is, even if members from
other communities are present on the qemu-security list, any explicit
communication and/or sharing of issue details/information/reproducers etc.
across communities, with non-members will not happen without prior
permission from the reporter(s).
* Besides, that is not new text, it is from the current process page
-> https://www.qemu.org/contribute/security-process/
| this is not an issue because the individual (probably me) of course
| would not report anything to the Xen security team without prior
| permission.
+1000..., appreciate it.:)
| > Any non-public information you share about security issues, is kept
| > confidential between members of the QEMU security team, and a minimal
| > number of supporting staff in their affliated companies. Information
| > will not be disclosed to other third party organizations/individuals
| > without prior permission from the reporter
|
| Sounds good to me
Same here, will fix it.
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D