Hello all,
Recently while conversing with DanPB this point came up
-> https://www.qemu.org/contribute/security-process/
* Currently QEMU security team is a handful of individual contacts which
restricts community participation in dealing with these issues.
* The Onus also lies with the individuals to inform the community about QEMU
security issues, as they come in.
Proposal: (to address above limitations)
=========
* We set up a new 'qemu-security' mailing list.
* QEMU security issues are reported to this new list only.
* Representatives from various communities subscribe to this list. (List maybe
moderated in the beginning.)
* As QEMU issues come in, participants on the 'qemu-security' list shall
discuss and decide about how to triage them further.
Please kindly let us know your views about it. I'd appreciate if you have any
suggestions/inputs/comments about the same.
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
