> On Jan 6, 2015, at 10:29 AM, Justin Pettit <[email protected]> wrote: > > >> On Jan 6, 2015, at 10:22 AM, Ben Pfaff <[email protected]> wrote: >> >> Open vSwitch needs some kind of process for handling vulnerabilities. So >> far, we've been pretty lucky that way, but it can't last forever, and I >> think we'll be better off if we have at least the outline of an established >> process whenever a significant vulnerability comes along. Here's my draft >> of a process based on the documentation of the OpenStack process at >> https://wiki.openstack.org/wiki/Vulnerability_Management. >> >> I don't have a lot of experience with this kind of thing myself, so I'd >> appreciate critical review from anyone who does. >> >> Signed-off-by: Ben Pfaff <[email protected]> >> Reviewed-by: Flavio Leitner <[email protected]> >> --- >> v1->v2: >> - Suggest GPG signing and encryption. >> - Mention coordination with Linux kernel security process. >> - "ovs-users" is actually "ovs-discuss". >> - Mention SECURITY.md from REPORTING-BUGS.md. >> - Add examples. > > Looks good to me. > > Acked-by: Justin Pettit <[email protected]>
Ugh, haven't been reviewing enough: Acked-by: Justin Pettit <[email protected]> --Justin _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
