[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] Libvirt Security Notices

Hi Folks,

After much work I've finally got a formal Libvirt Security Notice (LSN)
setup worked out.

Every security issue that is reported & confirmed on the libvirt security
mailing list will have a formal LSN prepared. This is a simple XML document
containing metadata & other information about the issue we deem relevant.
Initially this will be private if there is an embargo applied.

Once the issue is made public, will the LSN notices will be added to the
following public GIT repository:


This GIT repository is used to populate a new public website


A plain text rendering of the LSN will also be sent to the mailing

   libvirt-announce redhat com

Every issue is available in text, html and xml formats eg


If anyone backports a fix for a security issue to various -maint branches,
the LSN notice in GIT should be updated with GIT hash of the backports. If
a maint release is created, the tag should also be added to the LSN.

After countless hours investigation I have populated the repository with
a list of all historical issues in libvirt that I'm aware of.

|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]