On Fri, Sep 11, 2020 at 04:51:49PM +0100, Peter Maydell wrote: > It sounds like you > want it to be a larger grouping than that and maybe also > want to use it as a mechanism for informing downstream distros > etc about QEMU security issues, which is to say you're > proposing an overhaul and change to our security process, > not merely "we'd like to create a mailing list" ?
Yes, please discuss the reasons for wanting a mailing list: Is the goal to involve more people in triaging CVEs in a timely manner? Is the goal to include new people who have recently asked to participate? Is the goal to use an easier workflow than manually sending encrypted email to a handful of people? etc Stefan
signature.asc
Description: PGP signature
