Re: [qemu-web PATCH] Add "Security Process" information to the main webs

From: Paolo Bonzini
Subject: Re: [qemu-web PATCH] Add "Security Process" information to the main website
Date: Thu, 23 Jan 2020 15:11:48 +0100

On 23/01/20 14:59, Thomas Huth wrote:
> Anyway, it looks more trustworthy if we present the "Security Process"
> information in the static website instead. Thus this patch adds the
> information from the wiki to the Jekyll-based website now.

Fair enough; here are some edits so that we can improve the text a bit
in the meanwhile.

> +We use a GNU Privacy Guard (GnuPG or GPG) keys to secure communications. Mail

Remove "a".

> +sent to members of the list can be encrypted with public keys of all members
> +of the list. We expect to change some of the keys we use from time to time.
> +Should we change the key, the previous keys will be revoked.

Should a key change, the previous one will be revoked.

> +* Is QEMU used in conjunction with a hypervisor (as opposed to TCG binary
> +  translation TCG)?

Two "TCG"s.

> +Whenever some or all of these questions have negative answers, what appears 
> to
> +be a genuine security flaw might be considered of low severity because it 
> could
> +only be exercised in use cases where QEMU and everything interacting with it 
> is
> +trusted.
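
Review bot: in the final clause, "QEMU and everything interacting with it is trusted" has a compound subject, so "are trusted" is the correct verb. The sentence is also long enough that the condition and the conclusion blur together; consider splitting it after "low severity" and starting a new sentence with "Such a flaw can only be exercised in use cases where ...", so that the reason for the lower severity stands on its own.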


> +Prima facie, this bug appears to be a genuine security flaw, with potentially
> +severe implications. But digging further down, it shows that there are  only
> +two ways to use SD Host Controller emulation, one is via 'sdhci-pci' 
> interface
> +and the other is via 'generic-sdhci' interface.
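
Review bot: "there are  only" in the second line has a doubled space, and the sentence joins the two interfaces with a comma splice ("..., one is via ... and the other is via ..."). Collapse the space and introduce the pair with a colon, for example "there are only two ways to use SD Host Controller emulation: via the 'sdhci-pci' interface or via the 'generic-sdhci' interface."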

I can understand some Latin, but perhaps s/Prima facie/On the surface/

Also, s/it shows that//

> +Of these two, the 'sdhci-pci' interface is relatively new and had actually 
> been

s/is relatively new and//



