On 05/27/2015 12:47 PM, Lars Kurth wrote:
...
4. Advisory pre-release:
This occurs only if the advisory is embargoed (ie, the problem is not already
public):
As soon as our advisory is available, we will send it, including patches, to
members of the Xen security pre-disclosure list.
(Just adding Lars so he is aware and can run the formal vote once we
have consensus on a proposal for new text)
On Tue, 2015-05-26 at 15:38 +, Major Hayden wrote:
On 05/26/2015 07:15 AM, Stefano Stabellini wrote:
On Fri, 22 May 2015, Major Hayden wrote:
On 05/22/2015 09:04 AM, Jan
On 05/26/15 16:34, Major Hayden wrote:
On 05/26/2015 11:50 AM, Stefano Stabellini wrote:
I would go for:
In the event that public disclosure is less than 15 days away, we will
send a draft with information about the vulnerability to the
pre-disclosure list as soon as possible, even if
On 26 May 2015, at 17:34, Stefano Stabellini
stefano.stabell...@eu.citrix.com wrote:
Thanks for the help, folks. I've tossed a proposed security policy change
into a GitHub gist[1].
My proposal is to add this paragraph to the Embargo and disclosure
schedule section of the Xen
On Fri, 22 May 2015, Major Hayden wrote:
On 05/22/2015 09:04 AM, Jan Beulich wrote:
If you were to ask for this only if the time gap until embargo expiry
was less than the default of two weeks, maybe I would buy this.
I'm good with that as well. I think we're saying:
if
On 05/26/2015 07:15 AM, Stefano Stabellini wrote:
On Fri, 22 May 2015, Major Hayden wrote:
On 05/22/2015 09:04 AM, Jan Beulich wrote:
If you were to ask for this only if the time gap until embargo expiry
was less than the default of two weeks, maybe I would buy this.
I'm good with
On 05/26/2015 11:50 AM, Stefano Stabellini wrote:
I would go for:
In the event that public disclosure is less than 15 days away, we will
send a draft with information about the vulnerability to the
pre-disclosure list as soon as possible, even
On Tue, 26 May 2015, Major Hayden wrote:
On 05/26/2015 07:15 AM, Stefano Stabellini wrote:
On Fri, 22 May 2015, Major Hayden wrote:
On 05/22/2015 09:04 AM, Jan Beulich wrote:
If you were to ask for this only if the time gap until embargo expiry
was less than the default of two weeks,
On 21.05.15 at 15:03, major.hay...@rackspace.com wrote:
Would it be possible to send out a pre-disclosure notice as soon as
permission is granted from the discoverer and the vulnerability is verified
as valid? In other words, could a pre-disclosure email be sent to parties on
the
On 05/22/2015 02:40 AM, Jan Beulich wrote:
I realize this is being written under the impression of XSA-133, where
the usual 2 week window between pre-disclosure and public disclosure
was (almost) missing. But that's an exception, not the rule. Are you
saying that the usual 2 week advance
On 22.05.15 at 15:14, major.hay...@rackspace.com wrote:
My request is that the Xen security team would send a pre-disclosure notice
of the vulnerability as soon as permission from the discoverer is granted
*even if* patches aren't available. For example, I'd like to receive a
notice
On 05/22/2015 09:04 AM, Jan Beulich wrote:
If you were to ask for this only if the time gap until embargo expiry
was less than the default of two weeks, maybe I would buy this.
I'm good with that as well. I think we're saying:
if