On 24 October 2017 at 08:46, Daniel P. Berrange <berra...@redhat.com> wrote: > That said, I wonder if we should put 'security response handling' on the > agenda for the QEMU mini summit tomorrow. In particular I think it is > pretty bad that we don't publish any list of what CVEs affect QEMU and > the GIT hash of the corresponding GIT master fix, nor mention them in > the release notes for each major release.
Yep, happy to talk about that. Personally I'd like to see us doing better here, but since I don't have the time to do it myself I can understand if nobody else has the time to do it either :-) thanks -- PMM
