[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] Libvirt Security Notices



Hi Folks,

After much work I've finally got a formal Libvirt Security Notice (LSN)
setup worked out.

Every security issue that is reported & confirmed on the libvirt security
mailing list will have a formal LSN prepared. This is a simple XML document
containing metadata & other information about the issue we deem relevant.
Initially this will be private if there is an embargo applied.

Once the issue is made public, will the LSN notices will be added to the
following public GIT repository:

   http://libvirt.org/git/?p=libvirt-security-notice.git;a=summary

This GIT repository is used to populate a new public website

   http://security.libvirt.org/

A plain text rendering of the LSN will also be sent to the mailing
list

   libvirt-announce redhat com

Every issue is available in text, html and xml formats eg

  http://security.libvirt.org/2014/0002.txt
  http://security.libvirt.org/2014/0002.html
  http://security.libvirt.org/2014/0002.xml

If anyone backports a fix for a security issue to various -maint branches,
the LSN notice in GIT should be updated with GIT hash of the backports. If
a maint release is created, the tag should also be added to the LSN.

After countless hours investigation I have populated the repository with
a list of all historical issues in libvirt that I'm aware of.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]