From patchwork Wed Nov 22 19:20:08 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: George Dunlap X-Patchwork-Id: 10070809 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 243A66038F for ; Wed, 22 Nov 2017 19:23:22 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 187D528C49 for ; Wed, 22 Nov 2017 19:23:22 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0C33629617; Wed, 22 Nov 2017 19:23:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id D912C28C49 for ; Wed, 22 Nov 2017 19:23:20 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eHaZX-0007D0-Ii; Wed, 22 Nov 2017 19:20:35 +0000 Received: from mail6.bemta6.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eHaZW-0007Bf-Gx for xen-devel@lists.xenproject.org; Wed, 22 Nov 2017 19:20:34 +0000 Received: from [193.109.254.147] by server-3.bemta-6.messagelabs.com id D2/E6-16578-10EC51A5; Wed, 22 Nov 2017 19:20:33 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrPLMWRWlGSWpSXmKPExsXitHRDpC7jOdE og51rWC2+b5nM5MDocfjDFZYAxijWzLyk/IoE1oxXDbtYC9aaV9xd+4e9gbFHr4uRk0NCwF/i 3PUr7CA2m4CexLzjX1m6GDk4RARUJG7vNehi5OJgFljDIjH9wH0mkBphAXOJB5fbWUFsFgFVi S3bj4D18grYSjT23WKFmCkvsfj7TjYQWwioZvGDo1A1ghInZz5hAbGZBSQkDr54wTyBkXsWkt QsJKkFjEyrGDWKU4vKUot0jUz0kooy0zNKchMzc3QNDcz0clOLixPTU3MSk4r1kvNzNzECg4E BCHYw7vsYeYhRkoNJSZQ3eLlIlBBfUn5KZUZicUZ8UWlOavEhRhkODiUJ3u9nRKOEBItS01Mr 0jJzgGEJk5bg4FES4X0BkuYtLkjMLc5Mh0idYjTmeDbzdQMzx7SrrU3MQix5+XmpUuK83meBS gVASjNK8+AGweLlEqOslDAvI9BpQjwFqUW5mSWo8q8YxTkYlYR5z4Ms5MnMK4Hb9wroFCagU3 4eFwY5pSQRISXVwJi7Jy/0f07gzbmeps6npjN035pvtsM5ji/jX+3SCy9E1V5wvn7tc18xsqX hWu08w5kzI4/MML/g9S6MsYqzontt6wmhd4l2S0VWiEQ9nXha+tbxCzuWPrxx7Lqgg6GA8KWr r7g8Un2+THq+5OfDE0sZ9nc/VfVs/hQZbMBXxxNwweDTbmH1Lf5KLMUZiYZazEXFiQALKQjYk gIAAA== X-Env-Sender: prvs=49202577f=George.Dunlap@citrix.com X-Msg-Ref: server-13.tower-27.messagelabs.com!1511378430!108195651!3 X-Originating-IP: [66.165.176.89] X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor: VHJ1c3RlZCBJUDogNjYuMTY1LjE3Ni44OSA9PiAyMDMwMDc=\n, received_headers: No Received headers X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 36233 invoked from network); 22 Nov 2017 19:20:32 -0000 Received: from smtp.citrix.com (HELO SMTP.CITRIX.COM) (66.165.176.89) by server-13.tower-27.messagelabs.com with RC4-SHA encrypted SMTP; 22 Nov 2017 19:20:32 -0000 X-IronPort-AV: E=Sophos;i="5.44,436,1505779200"; d="scan'208";a="452652242" From: George Dunlap To: Date: Wed, 22 Nov 2017 19:20:08 +0000 Message-ID: <20171122192024.21187-1-george.dunlap@citrix.com> X-Mailer: git-send-email 2.15.0 MIME-Version: 1.0 Cc: Stefano Stabellini , Wei Liu , Konrad Wilk , Andrew Cooper , Dario Faggioli , Tim Deegan , George Dunlap , Julien Grall , Paul Durrant , Jan Beulich , Tamas K Lengyel , Anthony Perard , Ian Jackson , Roger Pau Monne Subject: [Xen-devel] [PATCH v3 01/17] Introduce skeleton SUPPORT.md X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP Add a machine-readable file to describe what features are in what state of being 'supported', as well as information about how long this release will be supported, and so on. The document should be formatted using "semantic newlines" [1], to make changes easier. Begin with the basic framework. Signed-off-by: Ian Jackson Signed-off-by: George Dunlap Acked-by: Jan Beulich [1] http://rhodesmill.org/brandon/2012/one-sentence-per-line/ --- CC: Ian Jackson CC: Wei Liu CC: Andrew Cooper CC: Jan Beulich CC: Tim Deegan CC: Dario Faggioli CC: Tamas K Lengyel CC: Roger Pau Monne CC: Stefano Stabellini CC: Anthony Perard CC: Paul Durrant CC: Konrad Wilk CC: Julien Grall --- SUPPORT.md | 194 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 194 insertions(+) create mode 100644 SUPPORT.md diff --git a/SUPPORT.md b/SUPPORT.md new file mode 100644 index 0000000000..e3d5d1de8d --- /dev/null +++ b/SUPPORT.md @@ -0,0 +1,194 @@ +# Support statement for this release + +This document describes the support status +and in particular the security support status of the Xen branch +within which you find it. + +See the bottom of the file +for the definitions of the support status levels etc. + +# Release Support + + Xen-Version: 4.10-unstable + Initial-Release: n/a + Supported-Until: TBD + Security-Support-Until: Unreleased - not yet security-supported + +# Feature Support + +# Format and definitions + +This file contains prose, and machine-readable fragments. +The data in a machine-readable fragment relate to +the section and subsection in which it is found. + +The file is in markdown format. +The machine-readable fragments are markdown literals +containing RFC-822-like (deb822-like) data. + +## Keys found in the Feature Support subsections + +### Status + +This gives the overall status of the feature, +including security support status, functional completeness, etc. +Refer to the detailed definitions below. + +If support differs based on implementation +(for instance, x86 / ARM, Linux / QEMU / FreeBSD), +one line for each set of implementations will be listed. + +## Definition of Status labels + +Each Status value corresponds to levels of security support, +testing, stability, etc., as follows: + +### Experimental + + Functional completeness: No + Functional stability: Here be dragons + Interface stability: Not stable + Security supported: No + +### Tech Preview + + Functional completeness: Yes + Functional stability: Quirky + Interface stability: Provisionally stable + Security supported: No + +#### Supported + + Functional completeness: Yes + Functional stability: Normal + Interface stability: Yes + Security supported: Yes + +#### Deprecated + + Functional completeness: Yes + Functional stability: Quirky + Interface stability: No (as in, may disappear the next release) + Security supported: Yes + +All of these may appear in modified form. +There are several interfaces, for instance, +which are officially declared as not stable; +in such a case this feature may be described as "Stable / Interface not stable". + +## Definition of the status label interpretation tags + +### Functionally complete + +Does it behave like a fully functional feature? +Does it work on all expected platforms, +or does it only work for a very specific sub-case? +Does it have a sensible UI, +or do you have to have a deep understanding of the internals +to get it to work properly? + +### Functional stability + +What is the risk of it exhibiting bugs? + +General answers to the above: + + * **Here be dragons** + + Pretty likely to still crash / fail to work. + Not recommended unless you like life on the bleeding edge. + + * **Quirky** + + Mostly works but may have odd behavior here and there. + Recommended for playing around or for non-production use cases. + + * **Normal** + + Ready for production use + +### Interface stability + +If I build a system based on the current interfaces, +will they still work when I upgrade to the next version? + + * **Not stable** + + Interface is still in the early stages and + still fairly likely to be broken in future updates. + + * **Provisionally stable** + + We're not yet promising backwards compatibility, + but we think this is probably the final form of the interface. + It may still require some tweaks. + + * **Stable** + + We will try very hard to avoid breaking backwards compatibility, + and to fix any regressions that are reported. + +### Security supported + +Will XSAs be issued if security-related bugs are discovered +in the functionality? + +If "no", +anyone who finds a security-related bug in the feature +will be advised to +post it publicly to the Xen Project mailing lists +(or contact another security response team, +if a relevant one exists). + +Bugs found after the end of **Security-Support-Until** +in the Release Support section will receive an XSA +if they also affect newer, security-supported, versions of Xen. +However, the Xen Project will not provide official fixes +for non-security-supported versions. + +Three common 'diversions' from the 'Supported' category +are given the following labels: + + * **Supported, Not security supported** + + Functionally complete, normal stability, + interface stable, but no security support + + * **Supported, Security support external** + + This feature is security supported + by a different organization (not the XenProject). + See **External security support** below. + + * **Supported, with caveats** + + This feature is security supported only under certain conditions, + or support is given only for certain aspects of the feature, + or the feature should be used with care + because it is easy to use insecurely without knowing it. + Additional details will be given in the description. + +### Interaction with other features + +Not all features interact well with all other features. +Some features are only for HVM guests; some don't work with migration, &c. + +### External security support + +The XenProject security team +provides security support for XenProject projects. + +We also provide security support for Xen-related code in Linux, +which is an external project but doesn't have its own security process. + +External projects that provide their own security support for Xen-related features are listed below. + + * QEMU https://wiki.qemu.org/index.php/SecurityProcess + + * Libvirt https://libvirt.org/securityprocess.html + + * FreeBSD https://www.freebsd.org/security/ + + * NetBSD http://www.netbsd.org/support/security/ + + * OpenBSD https://www.openbsd.org/security.html