[libvirt] Libvirt Security Notices
Daniel Veillard
veillard at redhat.com
Fri Jan 17 15:19:02 UTC 2014
On Fri, Jan 17, 2014 at 02:43:25PM +0000, Daniel P. Berrange wrote:
> Hi Folks,
>
> After much work I've finally got a formal Libvirt Security Notice (LSN)
> setup worked out.
>
> Every security issue that is reported & confirmed on the libvirt security
> mailing list will have a formal LSN prepared. This is a simple XML document
> containing metadata & other information about the issue we deem relevant.
> Initially this will be private if there is an embargo applied.
>
> Once the issue is made public, will the LSN notices will be added to the
> following public GIT repository:
>
> http://libvirt.org/git/?p=libvirt-security-notice.git;a=summary
>
> This GIT repository is used to populate a new public website
>
> http://security.libvirt.org/
Hat off, very useful idea !!!
> Every issue is available in text, html and xml formats eg
>
> http://security.libvirt.org/2014/0002.txt
> http://security.libvirt.org/2014/0002.html
> http://security.libvirt.org/2014/0002.xml
Nicely done !
>
> If anyone backports a fix for a security issue to various -maint branches,
> the LSN notice in GIT should be updated with GIT hash of the backports. If
> a maint release is created, the tag should also be added to the LSN.
>
> After countless hours investigation I have populated the repository with
> a list of all historical issues in libvirt that I'm aware of.
Excellent work, really !
Daniel
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard at redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
More information about the libvir-list
mailing list