[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: About 'qemu-security' mailing list
|
From: |
Stefan Hajnoczi |
|
Subject: |
Re: About 'qemu-security' mailing list |
|
Date: |
Tue, 17 Nov 2020 14:46:12 +0000 |
On Fri, Oct 16, 2020 at 07:47:01PM +0530, P J P wrote:
I have CCed everyone from the Security Process wiki page so they can
participate in discussing changes to the process.
> * So ie. we need to:
>
> 1. Create/setup a regular non-encrypted 'qemu-security' list.
>
> 2. Invite representatives from user/downstream communities to subscribe to
> it.
>
> 3. Collect & store their PGP public keys. Also create a key for the list.
>
> 4. Write 'encrypt & email' automation tool(s) to provide encryption support.
>
> 5. Document and publish above details and list workflow on a page.
>
>
> ...wdyt?
Writing/maintaining automation tools will take time so I suggest going
with confidential GitLab Issues instead:
https://docs.gitlab.com/ee/user/project/issues/confidential_issues.html
If you would like to test GitLab Issues, please post your username and
you will be given the "Reporter" role so you can view confidential
issues.
I have created a confidential issue here (you'll get 404 if you don't
have permissions to view it):
https://gitlab.com/qemu-project/qemu/-/issues/2
The intention is to migrate QEMU's bug tracker from Launchpad to GitLab
so this will unify reporting regular bugs and security bugs. It also
uses encryption all the time instead of relying on users explicitly
encrypting emails.
Stefan
signature.asc
Description: PGP signature