[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [qemu-web PATCH] Add "Security Process" information to the main webs
Re: [qemu-web PATCH] Add "Security Process" information to the main website
Thu, 23 Jan 2020 15:11:48 +0100
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.1
On 23/01/20 14:59, Thomas Huth wrote:
> Anyway, it looks more trustworthy if we present the "Security Process"
> information in the static website instead. Thus this patch adds the
> information from the wiki to the Jekyll-based website now.
Fair enough; here are some edits so that we can improve the text a bit
in the meanwhile.
> +We use a GNU Privacy Guard (GnuPG or GPG) keys to secure communications. Mail
> +sent to members of the list can be encrypted with public keys of all members
> +of the list. We expect to change some of the keys we use from time to time.
> +Should we change the key, the previous keys will be revoked.
Should a key change, the previous one will be revoked.
> +* Is QEMU used in conjunction with a hypervisor (as opposed to TCG binary
> + translation TCG)?
> +Whenever some or all of these questions have negative answers, what appears
> +be a genuine security flaw might be considered of low severity because it
> +only be exercised in use cases where QEMU and everything interacting with it
> +Prima facie, this bug appears to be a genuine security flaw, with potentially
> +severe implications. But digging further down, it shows that there are only
> +two ways to use SD Host Controller emulation, one is via 'sdhci-pci'
> +and the other is via 'generic-sdhci' interface.
I can understand some Latin, but perhaps s/Prima facie/On the surface/
Also, s/it shows that//
> +Of these two, the 'sdhci-pci' interface is relatively new and had actually
s/is relatively new and//