> On Feb 4, 2019, at 13:22, Stefano Stabellini <sstabell...@kernel.org> wrote:
> 
> On Mon, 4 Feb 2019, Roger Pau Monné wrote:
>>> Yes, v7 was sent to address Jan and Julien's review comments in parallel
>>> with our ongoing discussion on v5 macros. v7 also provided a checkpoint
>>> for Argo testers to maximize test coverage as the series converges into
>>> a Xen 4.12 merge candidate for Juergen. It addressed:
>>> 
>>> - Jan's v6 review comments
>>> - Julien's v1 review comment
>>> - most of your xen-devel and offline review comments
>> 
>> I think it will benefit the community to give this review in public,
>> so other reviewers know what's going on. IMO getting this private
>> review makes it harder for me (as a reviewer) to know the motivation
>> of some of the changes between versions, and likely also makes it
>> harder for you since you have to keep track of comments from multiple
>> sources on different channels.
> 
> There is one more reason to require public comments which I have only
> learned recently: for safety certifications we need to keep a record of
> all review comments and patches that address them for traceability.

Do you mean:

(A) all _merged_ patches and their review comments

 or

(B) all comments and patches (merged or not) that address them

i.e. would the certification process be seeking traceability of 
safety-impacting patches (code, scenario A) or decisions (including decisions 
to leave code unchanged, scenario B)?

If you mean (B), would we need an update to the Xen Security Problem Response 
Process [1]?  e.g. public archive of all comments from pre-disclosure 
discussion, along with content hashes stored immutably?  

Rich

[1] https://www.xenproject.org/security-policy.html


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
