From: Jonathan Corbet <corbet@lwn.net>
To: Vegard Nossum <vegard.nossum@oracle.com>, linux-doc@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
	Vegard Nossum <vegard.nossum@oracle.com>,
	Amit Shah <aams@amazon.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	David Woodhouse <dwmw@amazon.co.uk>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	"Gustavo A . R . Silva" <gustavoars@kernel.org>,
	Jiri Kosina <jkosina@suse.cz>, Kees Cook <keescook@chromium.org>,
	Laura Abbott <labbott@redhat.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Mauro Carvalho Chehab <mchehab@kernel.org>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Solar Designer <solar@openwall.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Thorsten Leemhuis <linux@leemhuis.info>,
	Tyler Hicks <tyhicks@canonical.com>,
	Will Deacon <will@kernel.org>, Willy Tarreau <w@1wt.eu>
Subject: Re: [PATCH] Documentation/security-bugs: overhaul
Date: Wed, 01 Jun 2022 07:38:05 -0600
Message-ID: <87ilpk5wsi.fsf@meer.lwn.net>
In-Reply-To: <20220531230309.9290-1-vegard.nossum@oracle.com>

Vegard Nossum <vegard.nossum@oracle.com> writes:

> The current instructions for reporting security vulnerabilities in the
> kernel are not clear enough, in particular the process of disclosure
> and requesting CVEs, and what the roles of the different lists are and
> how exactly to report to each of them.
>
> Let's give this document an overhaul. Goals are stated as a comment at
> the top of the document itself (these will not appear in the rendered
> document).

...but they do appear in the plain-text document, which must also be
readable.  Thus...

[...]

> diff --git a/Documentation/admin-guide/security-bugs.rst b/Documentation/admin-guide/security-bugs.rst
> index 82e29837d5898..5f37b3f1e77dc 100644
> --- a/Documentation/admin-guide/security-bugs.rst
> +++ b/Documentation/admin-guide/security-bugs.rst
> @@ -1,96 +1,175 @@
> +..
> +    If you modify this document, please consider the following:
> +    
> +    1) The most important information should be at the top (preferably in
> +    the opening paragraph). This means contacting <security@kernel.org>;
> +    if somebody doesn't read any further than that, at least the security
> +    team will have the report.
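
Review bot: The blank line inside the leading ".." comment, directly after "please consider the following:", is added as "+" followed by four spaces, so the patch introduces trailing whitespace that "git diff --check" will report; an empty line keeps the reST comment block intact, so the spaces can simply be dropped. Separately, because this comment opens the file at line 1, anyone reading the .rst source sees the editing guidance before the <security@kernel.org> contact that item 1 asks to keep at the top; if the comment stays, placing it after the body text would let the source satisfy its own first rule.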

I submit that you are breaking your own rule by putting this stuff at
the top of the document.  I'm not really convinced that you need it at
all - we don't normally include these sorts of instructions - but if it
has to be here I would put it at the end.

[Haven't had a chance to look at the real material yet]

Thanks,

jon
