On 29 April 2014 06:51, Michael S. Tsirkin <m...@redhat.com> wrote: > If not too late, I'd like to discuss our security process. > Do we as the project generally agree to use responsible disclosure policy > http://en.wikipedia.org/wiki/Responsible_disclosure ?
I think something like that makes sense. I'm a bit wary that we write up some complicated policy that we're not then in practice capable of executing given our level of resources. We should certainly write out some documentation though... thanks -- PMM
