On Wed, 13 Feb 2019, Rich Persaud wrote:
> On Feb 4, 2019, at 13:22, Stefano Stabellini <sstabell...@kernel.org> wrote:
>
> On Mon, 4 Feb 2019, Roger Pau Monné wrote:
> Yes, v7 was sent to address Jan and Julien's review
> comments in parallel
>
> with our ongoing discussion on v5 macros. v7 also provided
> a checkpoint
>
> for Argo testers to maximize test coverage as the series
> converges into
>
> a Xen 4.12 merge candidate for Juergen. It addressed:
>
>
> - Jan's v6 review comments
>
> - Julien's v1 review comment
>
> - most of your xen-devel and offline review comments
>
>
> I think it will benefit the community to give this review in
> public,
>
> so other reviewers know whats going on. IMO getting this private
>
> review makes it harder for me (as a reviewer) to know the
> motivation
>
> of some of the changes between versions, and likely also makes it
>
> harder for you since you have to keep track of comments from
> multiple
>
> sources on different channels.
>
>
> There is one more reason to require public comments which I have only
> learned recently: for safety certifications we need to keep a record of
> all review comments and patches that address them for traceability.
>
>
> Do you mean:
>
> (A) all _merged_ patches and their review comments
>
> or
>
> (B) all comments and patches (merged or not) that address them
>
> i.e. would the certification process be seeking traceability of
> safety-impacting patches (code, scenario A) or decisions
> (including decisions to leave code unchanged, scenario B)?
I meant (A), however, I don't know specifically if anything from (B) is
also required.
> If you mean (B), would we need an update to the Xen Security Problem Response
> Process [1]? e.g. public archive of all comments
> from pre-disclosure discussion, along with content hashes stored immutably?
> Rich
>
> [1] https://www.xenproject.org/security-policy.html
I don't think the archives of the pre-disclosure security discussions
need to be public, but they probably need to be available.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
