On Tue, Apr 29, 2014 at 02:33:58PM +0200, Markus Armbruster wrote: > Peter Maydell <peter.mayd...@linaro.org> writes: > > > On 29 April 2014 11:09, Michael S. Tsirkin <m...@redhat.com> wrote: > >> Let's just make clear how to contact us securely, when to contact that > >> list, and what we'll do with the info. I cobbled together the > >> following: > >> http://wiki.qemu.org/SecurityProcess > > > > Looks generally OK I guess. I'd drop the 'how to use pgp' section -- > > anybody who cares will already know how to send us PGP email. > > The first paragraph under "How to Contact Us Securely" is fine, the rest > seems redundant for readers familiar with PGP, yet hardly sufficient for > the rest. > > One thing I like about Libvirt's Security Process page[*] is they give > an idea on embargo duration. > > > [*] http://libvirt.org/securityprocess.html
I don't have an idea though. Do you? Let's try the process for a while, see how well we manage in practice.
