Xen Project Release Features/Definitions
|These definitions are based on xen.git:SUPPORT.md, which is a machine readable version of Xen Project Release Features, which was introduced in Xen 4.10.|
The definitions in this document primarily refer to the information in Xen Project Release Features or its archived version.
- 1 Definition of Support Labels
- 2 Definition of the status label interpretation tags
Definition of Support Labels
Each status value besides a ✓ or ✓ corresponds to levels of security support, testing, stability, etc., as in the following subsections. Note that format in Xen Project Release Features typically follows the following convention
- ✓ [footnote] [support label]
- ✓ [footnote] [support label]
If no support label is specified besides a ✓, the feature is normally considered Supported unless otherwise specified.
Functional completeness: No Functional stability: Here be dragons Interface stability: Not stable Security supported: No
Functional completeness: Yes Functional stability: Quirky Interface stability: Provisionally stable Security supported: No
Functional completeness: Yes Functional stability: Normal Interface stability: Yes Security supported: Yes
Functional completeness: Yes Functional stability: Quirky Interface stability: No (as in, may disappear the next release) Security supported: Yes
All of these may appear in modified form via footnotes.
Does it behave like a fully functional feature? Yes = ✓
Does it work on all expected platforms, or does it only work for a very specific sub-case? No = ✓
Does it have a sensible UI, or do you have to have a deep understanding of the internals to get it to work properly? No = ✓
What is the risk of it exhibiting bugs?
General answers to the above:
- Here be dragons
- Pretty likely to still crash / fail to work.
- Not recommended unless you like life on the bleeding edge.
- Mostly works but may have odd behavior here and there.
- Recommended for playing around or for non-production use cases.
- Ready for production use
If I build a system based on the current interfaces, will they still work when I upgrade to the next version?
- Not stable
- Interface is still in the early stages and still fairly likely to be broken in future updates.
- Provisionally stable
- We're not yet promising backwards compatibility, but we think this is probably the final form of the interface.
- It may still require some tweaks.
- We will try very hard to avoid breaking backwards compatibility, and to fix any regressions that are reported.
Will XSAs be issued if security-related bugs are discovered in the functionality?
If "no", anyone who finds a security-related bug in the feature will be advised to post it publicly to the Xen Project mailing lists (or contact another security response team, if a relevant one exists).
Bugs found after the end of Security-Support-Until in the Release Support section will receive an XSA if they also affect newer, security-supported, versions of Xen.
However, the Xen Project will not provide official fixes or non-security-supported versions.
Other Documents impacting Security Support
Prior to the introduction of SUPPORT.md, security support could be restricted in the following situations
- A restriction of some configurations as expressed in xen.git:docs/misc/qemu-xen-security. From Xen 4.10 exceptions have been encoded in SUPPORT.md
- Docs for an individual feature (eg in xl docs) might say that the feature is not advised, or not supported, or something similar. These restrictions apply for all Xen releases, however SUPPORT.md would contain a note saying “please check *.doc for additional restrictions”
- Previous XSA advisories might withdraw support: this will be encoded in SUPPORT.md
- Experimental KCONFIG tags: by definition, code marked as Experimental by KCONFIG is not security supported. For consistency, we will ensure that SUPPORT.md captures these items
Interaction with other features
Not all features interact well with all other features. Some features are only for HVM guests; some don't work with migration, &c.
External security support
The Xen Project security team provides security support for Xen Project projects.
We also provide security support for Xen-related code in Linux, which is an external project but doesn't have its own security process.
External projects that provide their own security support for Xen-related features are listed below.