Re: [libvirt] [PATCH] Document security reporting & handling process

On 06/04/2013 04:06 AM, Daniel P. Berrange wrote: > From: "Daniel P. Berrange" <berrange(a)redhat.com&gt; > > Historically security issues in libvirt have been primarily > triaged & fixed by the Red Hat libvirt members & Red Hat > security team, who then usually notify other vendors via > appropriate channels. There have been a number of times > when vendors have not been properly notified ahead of > announcement. It has also disadvantaged community members > who have to backport fixes to releases for which there are > no current libvirt stable branches. > > To address this, we want to make the libvirt security process > entirely community focused / driven. To this end I have setup > a new email address &quot;libvirt-security(a)redhat.com&quot; for end > users to report bugs which have (possible) security implications.

> Document how to report security bugs and the process that > will be used for addressing them. > > Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt; > --- > docs/bugs.html.in | 12 +++++ > docs/contact.html.in | 12 +++++ > docs/securityprocess.html.in | 113 +++++++++++++++++++++++++++++++++++++++++++ > docs/sitemap.html.in | 4 ++ > 4 files changed, 141 insertions(+) > create mode 100644 docs/securityprocess.html.in