subject:"\[Openstack\-operators\] \[tc\]\[security\] Proposal to change the CVE embargo window"

Re: [Openstack-operators] [tc][security] Proposal to change the CVE embargo window

2016-01-26 Thread Tristan Cacqueray

On 01/26/2016 03:18 PM, Doug Hellmann wrote: > Excerpts from John Dickinson's message of 2016-01-25 10:58:19 -0800: >> I'd like to lengthen the embargo window on CVE disclosures. >> >> Currently, the process is this >> (https://security.openstack.org/vmt-process.html): >> >> 1. A security bug is

Re: [Openstack-operators] [tc][security] Proposal to change the CVE embargo window

2016-01-26 Thread Doug Hellmann

Excerpts from John Dickinson's message of 2016-01-25 10:58:19 -0800: > I'd like to lengthen the embargo window on CVE disclosures. > > Currently, the process is this > (https://security.openstack.org/vmt-process.html): > > 1. A security bug is reported (and confirmed as valid) > 2. A patch i

[Openstack-operators] [tc][security] Proposal to change the CVE embargo window

2016-01-25 Thread John Dickinson

I'd like to lengthen the embargo window on CVE disclosures. Currently, the process is this (https://security.openstack.org/vmt-process.html): 1. A security bug is reported (and confirmed as valid) 2. A patch is developed an reviewed 3. After the proposed fix is approved by reviewers, A CVE

Re: [Openstack-operators] [tc][security] Proposal to change the CVE embargo window

Re: [Openstack-operators] [tc][security] Proposal to change the CVE embargo window

[Openstack-operators] [tc][security] Proposal to change the CVE embargo window

3 matches

Site Navigation

Mail list logo

Footer information