On 17.04.2014 15:54, Michael S. Tsirkin wrote: > People sometimes detect security issues in upstream > QEMU and don't know where to report them in a non-public way. > Of course whoever just wants full disclosure can just go public, > but there's nothing specified for non-public - until recently Anthony > was doing this informally. > > As I started doing this recently anyway, I can handle this on the QEMU side > in a more formal way. > > Adding a secalert mailing list as well - they are the ones who are actually > opening CVEs, communicating issues to all downstreams etc, > and they are already handling this for upstream, not just Red Hat. > > Keeping Anthony's address around in case he wants to be informed. > > Signed-off-by: Michael S. Tsirkin <m...@redhat.com> > --- > MAINTAINERS | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/MAINTAINERS b/MAINTAINERS > index 34b8c3f..713546f 100644 > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -52,6 +52,12 @@ General Project Administration > ------------------------------ > M: Anthony Liguori <aligu...@amazon.com> > > +Responsible Disclosure, Reporting Security Issues > +------------------------------ > +M: Michael S. Tsirkin <m...@redhat.com> > +M: Anthony Liguori <aligu...@amazon.com> > +L: secal...@redhat.com
I believe that after the QEMU Summit 2012 Anthony wanted to set up a Wiki page on that. Was that forgotten? If so, we should add one, otherwise we should make it findable and reference it here via W:. Thanks for documenting this in MAINTAINERS, Andreas > + > Guest CPU cores (TCG): > ---------------------- > Alpha -- SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
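Review bot: the new "Responsible Disclosure, Reporting Security Issues" entry consists only of M: and L: lines, so nothing in MAINTAINERS tells a reporter that these addresses are meant for non-public reports or what handling to expect after sending one. A W: line pointing at a page that describes the process, as the reply above suggests, would close that gap. As a style point, the added underline is the same length as the one under "General Project Administration" and is shorter than the new heading, while the neighbouring sections match the underline to the title length; extending it to the full width of the heading would keep the file consistent.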