qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: About 'qemu-security' mailing list

From: Philippe Mathieu-Daudé
Subject: Re: About 'qemu-security' mailing list
Date: Mon, 14 Sep 2020 09:38:07 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0 
On 9/11/20 5:51 PM, Peter Maydell wrote:
> On Fri, 11 Sep 2020 at 15:22, P J P <ppandit@redhat.com> wrote:
>> Proposal: (to address above limitations)
>> =========
>>
>> * We set up a new 'qemu-security' mailing list.
>>
>> * QEMU security issues are reported to this new list only.
>>
>> * Representatives from various communities subscribe to this list. (List 
>> maybe
>>    moderated in the beginning.)
>>
>> * As QEMU issues come in, participants on the 'qemu-security' list shall
>>    discuss and decide about how to triage them further.
> 
> Way way back, the idea of a qemu-security list was proposed, and
> it was decided against because there wasn't a clear way that
> people could send encrypted mail to the security team if it
> was just a mailing list. So that's why we have the "handful
> of individual contacts" approach. Is that still something people
> care about ?

I don't think so, as I took care to encrypt a bug report and
received the reply unencrypted =) Not sure this is the default
although, as this was my unique experience following the security
process.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]