Mailing List Archive

Reminder: Vulnerability embargo dates - add your public holidays
In mid-May I wrote:

> When the Xen Project Security Team talks to discoverers about choice
> of release dates for security vulnerabilities, we generally try to
> avoid known public holidays (subject to other constraints such as the
> discoverer's requirements, the Xen Project policy, and so on).
>
> We wish to make this arrangement a bit more formal, and in particular
> to provide discoverers (who ultimately decide disclosure dates) and
> the Security Team (who often give advice) with good information to
> support their decisions.
>
> To this end we have created a wiki page where interested community
> members can document public holidays which would affect their ability
> to respond to security issues.
>
> Please see:
> https://wiki.xenproject.org/wiki/HolidayCalendar
>
> If you would like your circumstances taken into account, please add to
> the data for 2017 on that page.
>
> Note that if you do not already have write access to the wiki, you'll
> have to request it. Sorry for the inconvenience, and please see:
> https://wiki.xenproject.org/wiki/Main_Page
>
> Also, as the HolidayCalendar wiki page says:
>
> Note that disclosure schedules are determined by the discoverers of
> vulnerabilities who do not need to follow the guidelines in the Xen
> Project policy. Where discoverers ask the Xen Project Security Team
> for advice, or choose to follow the policy, the holiday information
> here is advisory only. Because the policy requires us to consider
> other factors too, we cannot guarantee to avoid holidays.

I see that US, UK and Canadian holidays have been added. Members of
the Xen Project community in other places ought to consider adding
their own holiday dates.

Ian.

_______________________________________________
Xen-announce mailing list
Xen-announce@lists.xen.org
https://lists.xen.org/xen-announce