On 23/01/20 14:59, Thomas Huth wrote: > Anyway, it looks more trustworthy if we present the "Security Process" > information in the static website instead. Thus this patch adds the > information from the wiki to the Jekyll-based website now.
Fair enough; here are some edits so that we can improve the text a bit in the meanwhile. > +We use a GNU Privacy Guard (GnuPG or GPG) keys to secure communications. Mail Remove "a". > +sent to members of the list can be encrypted with public keys of all members > +of the list. We expect to change some of the keys we use from time to time. > +Should we change the key, the previous keys will be revoked. Should a key change, the previous one will be revoked. > +* Is QEMU used in conjunction with a hypervisor (as opposed to TCG binary > + translation TCG)? Two "TCG"s. > +Whenever some or all of these questions have negative answers, what appears > to > +be a genuine security flaw might be considered of low severity because it > could > +only be exercised in use cases where QEMU and everything interacting with it > is > +trusted. s/genuine/major/ > +Prima facie, this bug appears to be a genuine security flaw, with potentially > +severe implications. But digging further down, it shows that there are only > +two ways to use SD Host Controller emulation, one is via 'sdhci-pci' > interface > +and the other is via 'generic-sdhci' interface. I can understand some Latin, but perhaps s/Prima facie/On the surface/ Also, s/it shows that// > +Of these two, the 'sdhci-pci' interface is relatively new and had actually > been s/is relatively new and// Thanks, Paolo
