On Mon, Jan 05, 2015 at 02:23:45PM -0200, Flavio Leitner wrote:
> On Friday, January 02, 2015 01:44:49 PM Ben Pfaff wrote:
> > Open vSwitch needs some kind of process for handling vulnerabilities.  So
> > far, we've been pretty lucky that way, but it can't last forever, and I
> > think we'll be better off if we have at least the outline of an established
> > process whenever a significant vulnerability comes along.  Here's my draft
> > of a process based on the documentation of the OpenStack process at
> > https://wiki.openstack.org/wiki/Vulnerability_Management.
> > 
> > I don't have a lot of experience with this kind of thing myself, so I'd
> > appreciate critical review from anyone who does.
> > 
> > Signed-off-by: Ben Pfaff <b...@nicira.com>
> > ---
> 
> My concern is with open communications.  It should be
> possible for anyone to report the issue, but further communications
> should be authenticated and closed to avoid someone else
> faking messages/patches, etc.

As a list open for posting, anyone can report an issue.

I don't know how to implement the authentication you mention.  Is there
a customary way to do it, that will not shut out reporters who do not
have some specific email client etc.?
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
