[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [qemu-web PATCH v2] Add "Security Process" information to the main w

From: Thomas Huth
Subject: Re: [qemu-web PATCH v2] Add "Security Process" information to the main website
Date: Mon, 27 Jan 2020 11:00:29 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0

On 23/01/2020 20.43, Eric Blake wrote:
> On 1/23/20 11:11 AM, Thomas Huth wrote:
>> One reporter of a security issue recently complained that it might not
>> be the best idea to store our "Security Process" in the Wiki. Well, while
>> the page in the Wiki is protected (so that only some few people can edit
>> it), it is still possible that someone might find a bug in the Wiki
>> software to alter the page contents...
>> Anyway, it looks more trustworthy if we present the "Security Process"
>> information in the static website instead. Thus this patch adds the
>> information from the wiki to the Jekyll-based website now.
>> Signed-off-by: Thomas Huth <address@hidden>
>> ---
>>   v2: Improved some sentences as suggested by Paolo
>> +### Publication embargo
>> +
>> +As a security issue reported, that is not already publically disclosed
> publicly
>> +elsewhere, has an embargo date assigned and communicated to reporter.
>> Embargo
> Reads awkwardly. I'd suggest:
> If a security issue is reported that is not already publicly disclosed,
> an embargo date may be assigned and communicated to the reporter.

Ok, thanks, I've added your suggestions and pushed the changes now to
the website.

To the people on CC: ... could someone please update the wiki page
(https://wiki.qemu.org/SecurityProcess) to point to
https://www.qemu.org/contribute/security-process/ instead? ... I don't
have write access to that page, so I can not do that on my own.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]