Ian.Jackson at eu
Jun 19, 2012, 11:17 AM
Post #1 of 1
The Xen.org security response team is charged with implementing the
Security vulnerability process, and CVE-2012-0217
Xen security response process, the current version of which can be
Over the past two months we on that team have been involved with
XSA-7 / CVE-2012-0217 and its various fallout.
During this exercise we have encountered some problems with the
process. The process needs improvement. Also, we have had to make
some difficult decisions. We feel it is essential for keeping us
honest that we explain to the community what we did, and when.
A message starting this discussion has just been posted to the
xen-devel mailing list:
The outcome of this discussion will be a set of changes to be agreed
on and/or voted on using the existing Xen.org governance processes:
This discussion will take place on xen-devel. We expect it to take
some weeks. We welcome the views of everyone in the Xen community -
please come and have your say.
Thanks for your attention,
on behalf of the Xen.org security response team
Xen-announce mailing list
Xen-announce [at] lists