> On Jan 6, 2015, at 10:22 AM, Ben Pfaff <b...@nicira.com> wrote:
>
> Open vSwitch needs some kind of process for handling vulnerabilities. So
> far, we've been pretty lucky that way, but it can't last forever, and I
> think we'll be better off if we have at least the outline of an established
> process whenever a significant vulnerability comes along. Here's my draft
> of a process based on the documentation of the OpenStack process at
> https://wiki.openstack.org/wiki/Vulnerability_Management.
>
> I don't have a lot of experience with this kind of thing myself, so I'd
> appreciate critical review from anyone who does.
>
> Signed-off-by: Ben Pfaff <b...@nicira.com>
> Reviewed-by: Flavio Leitner <f...@redhat.com>
> ---
> v1->v2:
>   - Suggest GPG signing and encryption.
>   - Mention coordination with Linux kernel security process.
>   - "ovs-users" is actually "ovs-discuss".
>   - Mention SECURITY.md from REPORTING-BUGS.md.
>   - Add examples.

Looks good to me.

Acked-by: Justin Pettit <jpet...@vmware.com>

Thanks for driving this!

--Justin
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev