From patchwork Mon Nov 13 15:41:11 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: George Dunlap X-Patchwork-Id: 10056317 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 530D460215 for ; Mon, 13 Nov 2017 15:44:26 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4568629416 for ; Mon, 13 Nov 2017 15:44:26 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 39AC229463; Mon, 13 Nov 2017 15:44:26 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 43D2829428 for ; Mon, 13 Nov 2017 15:44:25 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eEGrk-0007uD-Tm; Mon, 13 Nov 2017 15:41:40 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eEGri-0007sm-Tp for xen-devel@lists.xenproject.org; Mon, 13 Nov 2017 15:41:39 +0000 Received: from [85.158.139.211] by server-5.bemta-5.messagelabs.com id 87/E3-02209-23DB90A5; Mon, 13 Nov 2017 15:41:38 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrHLMWRWlGSWpSXmKPExsXitHRDpK7hXs4 og4VzuSy+b5nM5MDocfjDFZYAxijWzLyk/IoE1ow1144zFUwyr3j9ejJLA+ML3S5GTg4JAX+J vydfMILYbAJ6EvOOf2XpYuTgEBFQkbi916CLkYuDWWANi8T0A/eZQGqEBUwkLh98A1bPIqAqc W1SBzNIPa+ArcTztaoQI+UlFn/fyQZiCwGVLH5wlB3E5hUQlDg58wkLiM0sICFx8MUL5gmM3L OQpGYhSS1gZFrFqFGcWlSWWqRrZKaXVJSZnlGSm5iZo2toYKqXm1pcnJiempOYVKyXnJ+7iRE YCvUMDIw7GG9P9jvEKMnBpCTKq/KZPUqILyk/pTIjsTgjvqg0J7X4EKMMB4eSBO+Z3ZxRQoJF qempFWmZOcCghElLcPAoifDuAUnzFhck5hZnpkOkTjEaczyb+bqBmWPa1dYmZiGWvPy8VClx3 k0gpQIgpRmleXCDYNFyiVFWSpiXkYGBQYinILUoN7MEVf4VozgHo5Iw7w2QKTyZeSVw+14Bnc IEdIoUyBe8xSWJCCmpBkbNa/3FPGuPL+rva3m37N2mtIrid6ucXpjdLHnx6AT3kiWTrnEn9S5 RWuoR7fzh/RdmX+s3xz1b0y5Lb/0Y/Dljybs5Mt9CNicc27A2Rut8luwXuZ2KeSHaCbz/2apf 7+fb29ZwaIOwTw3vsZB951cW3PdUY1hnY+VmtsPj74rbR6S/SKT6S+cqsRRnJBpqMRcVJwIAH DiD+ZECAAA= X-Env-Sender: prvs=483948db6=George.Dunlap@citrix.com X-Msg-Ref: server-16.tower-206.messagelabs.com!1510587693!91098039!2 X-Originating-IP: [66.165.176.89] X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor: VHJ1c3RlZCBJUDogNjYuMTY1LjE3Ni44OSA9PiAyMDMwMDc=\n, received_headers: No Received headers X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 56465 invoked from network); 13 Nov 2017 15:41:36 -0000 Received: from smtp.citrix.com (HELO SMTP.CITRIX.COM) (66.165.176.89) by server-16.tower-206.messagelabs.com with RC4-SHA encrypted SMTP; 13 Nov 2017 15:41:36 -0000 X-IronPort-AV: E=Sophos;i="5.44,389,1505779200"; d="scan'208";a="451509072" From: George Dunlap To: Date: Mon, 13 Nov 2017 15:41:11 +0000 Message-ID: <20171113154126.13038-1-george.dunlap@citrix.com> X-Mailer: git-send-email 2.15.0 MIME-Version: 1.0 Cc: Stefano Stabellini , Wei Liu , Konrad Wilk , Andrew Cooper , Dario Faggioli , Tim Deegan , George Dunlap , Julien Grall , Paul Durrant , Jan Beulich , Tamas K Lengyel , Anthony Perard , Ian Jackson , Roger Pau Monne Subject: [Xen-devel] [PATCH 01/16] Introduce skeleton SUPPORT.md X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP Add a machine-readable file to describe what features are in what state of being 'supported', as well as information about how long this release will be supported, and so on. The document should be formatted using "semantic newlines" [1], to make changes easier. Begin with the basic framework. Signed-off-by: Ian Jackson Signed-off-by: George Dunlap [1] http://rhodesmill.org/brandon/2012/one-sentence-per-line/ Acked-by: Jan Beulich --- CC: Ian Jackson CC: Wei Liu CC: Andrew Cooper CC: Jan Beulich CC: Tim Deegan CC: Dario Faggioli CC: Tamas K Lengyel CC: Roger Pau Monne CC: Stefano Stabellini CC: Anthony Perard CC: Paul Durrant CC: Konrad Wilk CC: Julien Grall --- SUPPORT.md | 196 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 196 insertions(+) create mode 100644 SUPPORT.md diff --git a/SUPPORT.md b/SUPPORT.md new file mode 100644 index 0000000000..d7f2ae45e4 --- /dev/null +++ b/SUPPORT.md @@ -0,0 +1,196 @@ +# Support statement for this release + +This document describes the support status +and in particular the security support status of the Xen branch +within which you find it. + +See the bottom of the file +for the definitions of the support status levels etc. + +# Release Support + + Xen-Version: 4.10-unstable + Initial-Release: n/a + Supported-Until: TBD + Security-Support-Until: Unreleased - not yet security-supported + +# Feature Support + +# Format and definitions + +This file contains prose, and machine-readable fragments. +The data in a machine-readable fragment relate to +the section and subsection in which it is found. + +The file is in markdown format. +The machine-readable fragments are markdown literals +containing RFC-822-like (deb822-like) data. + +## Keys found in the Feature Support subsections + +### Status + +This gives the overall status of the feature, +including security support status, functional completeness, etc. +Refer to the detailed definitions below. + +If support differs based on implementation +(for instance, x86 / ARM, Linux / QEMU / FreeBSD), +one line for each set of implementations will be listed. + +## Definition of Status labels + +Each Status value corresponds to levels of security support, +testing, stability, etc., as follows: + +### Experimental + + Functional completeness: No + Functional stability: Here be dragons + Interface stability: Not stable + Security supported: No + +### Tech Preview + + Functional completeness: Yes + Functional stability: Quirky + Interface stability: Provisionally stable + Security supported: No + +#### Supported + + Functional completeness: Yes + Functional stability: Normal + Interface stability: Yes + Security supported: Yes + +#### Deprecated + + Functional completeness: Yes + Functional stability: Quirky + Interface stability: No (as in, may disappear the next release) + Security supported: Yes + +All of these may appear in modified form. +There are several interfaces, for instance, +which are officially declared as not stable; +in such a case this feature may be described as "Stable / Interface not stable". + +## Definition of the status label interpretation tags + +### Functionally complete + +Does it behave like a fully functional feature? +Does it work on all expected platforms, +or does it only work for a very specific sub-case? +Does it have a sensible UI, +or do you have to have a deep understanding of the internals +to get it to work properly? + +### Functional stability + +What is the risk of it exhibiting bugs? + +General answers to the above: + + * **Here be dragons** + + Pretty likely to still crash / fail to work. + Not recommended unless you like life on the bleeding edge. + + * **Quirky** + + Mostly works but may have odd behavior here and there. + Recommended for playing around or for non-production use cases. + + * **Normal** + + Ready for production use + +### Interface stability + +If I build a system based on the current interfaces, +will they still work when I upgrade to the next version? + + * **Not stable** + + Interface is still in the early stages and + still fairly likely to be broken in future updates. + + * **Provisionally stable** + + We're not yet promising backwards compatibility, + but we think this is probably the final form of the interface. + It may still require some tweaks. + + * **Stable** + + We will try very hard to avoid breaking backwards compatibility, + and to fix any regressions that are reported. + +### Security supported + +Will XSAs be issued if security-related bugs are discovered +in the functionality? + +If "no", +anyone who finds a security-related bug in the feature +will be advised to +post it publicly to the Xen Project mailing lists +(or contact another security response team, +if a relevant one exists). + +Bugs found after the end of **Security-Support-Until** +in the Release Support section will receive an XSA +if they also affect newer, security-supported, versions of Xen. +However, the Xen Project will not provide official fixes +for non-security-supported versions. + +Three common 'diversions' from the 'Supported' category +are given the following labels: + + * **Supported, Not security supported** + + Functionally complete, normal stability, + interface stable, but no security support + + * **Supported, Security support external** + + This feature is security supported + by a different organization (not the XenProject). + See **External security support** below. + + * **Supported, with caveats** + + This feature is security supported only under certain conditions, + or support is given only for certain aspects of the feature, + or the feature should be used with care + because it is easy to use insecurely without knowing it. + Additional details will be given in the description. + +### Interaction with other features + +Not all features interact well with all other features. +Some features are only for HVM guests; some don't work with migration, &c. + +### External security support + +The XenProject security team +provides security support for XenProject projects. + +We also provide security support for Xen-related code in Linux, +which is an external project but doesn't have its own security process. + +External projects that provide their own security support for Xen-related features are listed below. + + * QEMU https://wiki.qemu.org/index.php/SecurityProcess + + * Libvirt https://libvirt.org/securityprocess.html + + * FreeBSD https://www.freebsd.org/security/ + + * NetBSD http://www.netbsd.org/support/security/ + + * OpenBSD https://www.openbsd.org/security.html + +