On Friday, January 02, 2015 01:44:49 PM Ben Pfaff wrote:
> Open vSwitch needs some kind of process for handling vulnerabilities. So
> far, we've been pretty lucky that way, but it can't last forever, and I
> think we'll be better off if we have at least the outline of an established
> process whenever a significant vulnerability comes along. Here's my draft
> of a process based on the documentation of the OpenStack process at
> https://wiki.openstack.org/wiki/Vulnerability_Management.
>
> I don't have a lot of experience with this kind of thing myself, so I'd
> appreciate critical review from anyone who does.
>
> Signed-off-by: Ben Pfaff <[email protected]>
> ---

My concern is with open communications. It should be possible for anyone to report the issue, but further communications should be authenticated and closed to prevent someone else from faking messages/patches, etc. Is the mailing list ready?

Reviewed-by: Flavio Leitner <[email protected]>

Thanks Ben!
fbl
