1. Patchew
  2. QEMU
  3. View series

[PATCH] MAINTAINERS: list qemu-security@nongnu.org as security contact

Daniel P. Berrangé posted 1 patch 2 months, 3 weeks ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20250820124417.1391747-1-berrange@redhat.com
MAINTAINERS | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH] MAINTAINERS: list qemu-security@nongnu.org as security contact
Posted by Daniel P. Berrangé 2 months, 3 weeks ago 
The qemu-security@nongnu.org list is considered the authoritative
contact for reporting QEMU security issues. Remove the Red Hat
security team address in favour of QEMU's list, to ensure that
upstream gets first contact. There is a representative of the
Red Hat security team as a member of qemu-security@nongnu.org
whom requests CVE assignments on behalf of QEMU when needed.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 MAINTAINERS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index a07086ed76..3edfb25d5a 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -85,7 +85,7 @@ Responsible Disclosure, Reporting Security Issues
 -------------------------------------------------
 W: https://wiki.qemu.org/SecurityProcess
 M: Michael S. Tsirkin <mst@redhat.com>
-L: secalert@redhat.com
+L: qemu-security@nongnu.org
 
 Trivial patches
 ---------------
-- 
2.50.1
Re: [PATCH] MAINTAINERS: list qemu-security@nongnu.org as security contact
Posted by Alex Bennée 2 months, 3 weeks ago 
Daniel P. Berrangé <berrange@redhat.com> writes:

> The qemu-security@nongnu.org list is considered the authoritative
> contact for reporting QEMU security issues. Remove the Red Hat
> security team address in favour of QEMU's list, to ensure that
> upstream gets first contact. There is a representative of the
> Red Hat security team as a member of qemu-security@nongnu.org
> whom requests CVE assignments on behalf of QEMU when needed.
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro
Re: [PATCH] MAINTAINERS: list qemu-security@nongnu.org as security contact
Posted by Mauro Matteo Cascella 2 months, 3 weeks ago 
On Wed, Aug 20, 2025 at 2:44 PM Daniel P. Berrangé <berrange@redhat.com> wrote:
>
> The qemu-security@nongnu.org list is considered the authoritative
> contact for reporting QEMU security issues. Remove the Red Hat
> security team address in favour of QEMU's list, to ensure that
> upstream gets first contact. There is a representative of the
> Red Hat security team as a member of qemu-security@nongnu.org
> whom requests CVE assignments on behalf of QEMU when needed.
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>  MAINTAINERS | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index a07086ed76..3edfb25d5a 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -85,7 +85,7 @@ Responsible Disclosure, Reporting Security Issues
>  -------------------------------------------------
>  W: https://wiki.qemu.org/SecurityProcess
>  M: Michael S. Tsirkin <mst@redhat.com>
> -L: secalert@redhat.com
> +L: qemu-security@nongnu.org
>
>  Trivial patches
>  ---------------
> --
> 2.50.1
>

Reviewed-by: Mauro Matteo Cascella <mcascell@redhat.com>

Thanks,
-- 
Mauro Matteo Cascella
Red Hat Product Security
PGP-Key ID: BB3410B0

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.