[libvirt] [PATCH] docs: link to security.libvirt.org website

Daniel P. Berrangé posted 1 patch 6 years, 1 month ago
Patches applied successfully
git fetch https://github.com/patchew-project/libvirt tags/patchew/20180315160549.6735-1-berrange@redhat.com
Test syntax-check passed
docs/securityprocess.html.in | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
Posted by Daniel P. Berrangé 6 years, 1 month ago
We forgot to tell anyone that we were publishing security notices
online at https://security.libvirt.org

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 docs/securityprocess.html.in | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/docs/securityprocess.html.in b/docs/securityprocess.html.in
index 2bab07bf39..adf30259b0 100644
--- a/docs/securityprocess.html.in
+++ b/docs/securityprocess.html.in
@@ -37,6 +37,19 @@
       moderator and the reporter copied on any replies.
     </p>
 
+    <h2><a id="secnotice">Security notices</a></h2>
+
+    <p>
+      Information for all historical security issues is maintained in
+      machine parsable format in the
+      <a href="https://libvirt.org/git/?p=libvirt-security-notice.git;a=log">libvirt-security-notice GIT repository</a> and
+      <a href="https://security.libvirt.org">published online</a>
+      in text, HTML and XML formats. Security notices are published
+      on the <a href="https://libvirt.org/contact.html#email">libvirt-announce mailing list</a>
+      when any embargo is lifted, or as soon as triaged if already
+      public knowledge.
+    </p>
+
     <h2><a id="seclist">Security team</a></h2>
 
     <p>
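Review bot: The new "Security notices" paragraph names only the libvirt-announce mailing list as the place notices are published, whereas the "Notification of issues" paragraph removed later in this patch said issues would be announced on both the development and announcement lists. If dropping the development list is intentional, the commit message should say so; otherwise keep both lists in the new text. Two minor style points in the same paragraph: "machine parsable" reads better hyphenated, and "GIT" is normally written "Git".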
@@ -102,12 +115,5 @@
       will be responsible for backporting the officially published fixes to
       other release branches where applicable.
     </p>
-
-    <h2><a id="notification">Notification of issues</a></h2>
-
-    <p>
-      When an embargo expires, security issues will be announced on both
-      the libvirt development and announcement <a href="https://libvirt.org/contact.html#email">mailing lists</a>.
-    </p>
   </body>
 </html>
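Review bot: Deleting the "Notification of issues" heading also deletes the `notification` anchor id, and the replacement section uses a different id, `secnotice`, so any existing link to securityprocess.html#notification would stop resolving to a section. Consider checking the docs tree for references to the old anchor, or keeping an `<a id="notification">` next to the new heading so old links still land on the notices text.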
-- 
2.14.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] docs: link to security.libvirt.org website
Posted by Laine Stump 6 years, 1 month ago
On 03/15/2018 12:05 PM, Daniel P. Berrangé wrote:
> We forgot to tell anyone that we were publishing security notices
> online at https://security.libvirt.org
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

Reviewed-by: Laine Stump <laine@laine.org>

Re: [libvirt] [PATCH] docs: link to security.libvirt.org website
Posted by Roman Bogorodskiy 6 years, 1 month ago
  Daniel P. Berrangé wrote:

> We forgot to tell anyone that we were publishing security notices
> online at https://security.libvirt.org
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>  docs/securityprocess.html.in | 20 +++++++++++++-------
>  1 file changed, 13 insertions(+), 7 deletions(-)

Thanks!

I guess it'd also be useful to update the description of the 'Security
vulnerabilities' entry in the 'Quick Links' block on the index page.
Right now it says 'Report vulnerabilities to the libvirt security
response team'. It could be '..., and view existing ones' (with that
probably being a link to security.libvirt.org).

Roman Bogorodskiy