On Tue, Sep 26, 2023 at 09:59:19PM -0400, Demi Marie Obenour wrote:
> These detailed security advisories are one of the things I love about
> Xen. It's hard to trust a hypervisor (KVM) that will not issue them,
> for then one has no way to know if a particular problem got fixed.

I concur. I'd appreciate security advisories from the KVM project.

> I'm CCing KVM here to make sure they have a fix. From their Git commit
> history, I am almost certain that seL4 does not. I'm CCing the seL4
> developers to alert them of this and suggest that the x86 port be
> removed or at least have a big warning.

I strongly oppose removal of a port/support for a certain architecture
just because some implementations of it are/were problematic. Adding a
warning is fine.

Alexander

P.S. Demi Marie, please note that oss-security list content guidelines
explicitly discourage CC'ing other lists(*), and Xen advisories are
already stretching this. In this reply, I am still CC'ing many of what
you had CC'ed as I am following up on your specific points relevant to
those lists, but in general let's be more careful about this.

(*) Because we may then get off-topic follow-ups from there, especially
if CC'ing project user lists or high-volume lists like LKML. In this
specific case, we're lucky so far.