DPDK-dev Archive on lore.kernel.org
 help / color / Atom feed
* [dpdk-dev] [PATCH 1/2] doc/security: clarify pre-release end of the embargo date
@ 2019-06-17 16:06 Ferruh Yigit
  2019-06-17 16:06 ` [dpdk-dev] [PATCH 2/2] doc/security: clarify experimental API status Ferruh Yigit
  2019-07-30 11:16 ` [dpdk-dev] [PATCH 1/2] doc/security: clarify pre-release end of the embargo date Mcnamara, John
  0 siblings, 2 replies; 4+ messages in thread
From: Ferruh Yigit @ 2019-06-17 16:06 UTC (permalink / raw)
  To: John McNamara, Marko Kovacevic; +Cc: dev, Thomas Monjalon, Maxime Coquelin

Clarify that a fixed date will be used for end of embargo (public
disclosure) date while communicating with downstream stakeholders.

Initial document got a review that it gives an impression that
communicated embargo date can be a range like 'less than a week' which
is not the case. The range applies when defining the end of the embargo
date but a fix date will be communicated.

Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
---
 doc/guides/contributing/vulnerability.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/guides/contributing/vulnerability.rst b/doc/guides/contributing/vulnerability.rst
index a4bef4857..0d8432d56 100644
--- a/doc/guides/contributing/vulnerability.rst
+++ b/doc/guides/contributing/vulnerability.rst
@@ -182,7 +182,7 @@ When the fix is ready, the security advisory and patches are sent
 to downstream stakeholders
 (`security-prerelease@dpdk.org <mailto:security-prerelease@dpdk.org>`_),
 specifying the date and time of the end of the embargo.
-The public disclosure should happen in **less than one week**.
+The communicated public disclosure date should be **less than one week**
 
 Downstream stakeholders are expected not to deploy or disclose patches
 until the embargo is passed, otherwise they will be removed from the list.
-- 
2.21.0


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [dpdk-dev] [PATCH 2/2] doc/security: clarify experimental API status
  2019-06-17 16:06 [dpdk-dev] [PATCH 1/2] doc/security: clarify pre-release end of the embargo date Ferruh Yigit
@ 2019-06-17 16:06 ` Ferruh Yigit
  2019-07-30 11:16   ` Mcnamara, John
  2019-07-30 11:16 ` [dpdk-dev] [PATCH 1/2] doc/security: clarify pre-release end of the embargo date Mcnamara, John
  1 sibling, 1 reply; 4+ messages in thread
From: Ferruh Yigit @ 2019-06-17 16:06 UTC (permalink / raw)
  To: John McNamara, Marko Kovacevic; +Cc: dev, Thomas Monjalon, Maxime Coquelin

Explicitly note that experimental APIs also part of security process.

Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
---
 doc/guides/contributing/vulnerability.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/guides/contributing/vulnerability.rst b/doc/guides/contributing/vulnerability.rst
index 0d8432d56..a69da0d36 100644
--- a/doc/guides/contributing/vulnerability.rst
+++ b/doc/guides/contributing/vulnerability.rst
@@ -8,7 +8,7 @@ Scope
 -----
 
 Only the main repositories (dpdk and dpdk-stable) of the core project
-are in the scope of this security process.
+are in the scope of this security process (including experimental APIs).
 If a stable branch is declared unmaintained (end of life),
 no fix will be applied.
 
-- 
2.21.0


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [dpdk-dev] [PATCH 2/2] doc/security: clarify experimental API status
  2019-06-17 16:06 ` [dpdk-dev] [PATCH 2/2] doc/security: clarify experimental API status Ferruh Yigit
@ 2019-07-30 11:16   ` Mcnamara, John
  0 siblings, 0 replies; 4+ messages in thread
From: Mcnamara, John @ 2019-07-30 11:16 UTC (permalink / raw)
  To: Yigit, Ferruh, Kovacevic, Marko; +Cc: dev, Thomas Monjalon, Maxime Coquelin



> -----Original Message-----
> From: Yigit, Ferruh
> Sent: Monday, June 17, 2019 5:07 PM
> To: Mcnamara, John <john.mcnamara@intel.com>; Kovacevic, Marko
> <marko.kovacevic@intel.com>
> Cc: dev@dpdk.org; Thomas Monjalon <thomas@monjalon.net>; Maxime Coquelin
> <maxime.coquelin@redhat.com>
> Subject: [PATCH 2/2] doc/security: clarify experimental API status
> 
> Explicitly note that experimental APIs also part of security process.
> 

Acked-by: John McNamara <john.mcnamara@intel.com>

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [dpdk-dev] [PATCH 1/2] doc/security: clarify pre-release end of the embargo date
  2019-06-17 16:06 [dpdk-dev] [PATCH 1/2] doc/security: clarify pre-release end of the embargo date Ferruh Yigit
  2019-06-17 16:06 ` [dpdk-dev] [PATCH 2/2] doc/security: clarify experimental API status Ferruh Yigit
@ 2019-07-30 11:16 ` Mcnamara, John
  1 sibling, 0 replies; 4+ messages in thread
From: Mcnamara, John @ 2019-07-30 11:16 UTC (permalink / raw)
  To: Yigit, Ferruh, Kovacevic, Marko; +Cc: dev, Thomas Monjalon, Maxime Coquelin



> -----Original Message-----
> From: Yigit, Ferruh
> Sent: Monday, June 17, 2019 5:07 PM
> To: Mcnamara, John <john.mcnamara@intel.com>; Kovacevic, Marko
> <marko.kovacevic@intel.com>
> Cc: dev@dpdk.org; Thomas Monjalon <thomas@monjalon.net>; Maxime Coquelin
> <maxime.coquelin@redhat.com>
> Subject: [PATCH 1/2] doc/security: clarify pre-release end of the embargo
> date
> 
> Clarify that a fixed date will be used for end of embargo (public
> disclosure) date while communicating with downstream stakeholders.
> 
> Initial document got a review that it gives an impression that
> communicated embargo date can be a range like 'less than a week' which is
> not the case. The range applies when defining the end of the embargo date
> but a fix date will be communicated.
> 

Acked-by: John McNamara <john.mcnamara@intel.com>

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, back to index

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-06-17 16:06 [dpdk-dev] [PATCH 1/2] doc/security: clarify pre-release end of the embargo date Ferruh Yigit
2019-06-17 16:06 ` [dpdk-dev] [PATCH 2/2] doc/security: clarify experimental API status Ferruh Yigit
2019-07-30 11:16   ` Mcnamara, John
2019-07-30 11:16 ` [dpdk-dev] [PATCH 1/2] doc/security: clarify pre-release end of the embargo date Mcnamara, John

DPDK-dev Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/dpdk-dev/0 dpdk-dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dpdk-dev dpdk-dev/ https://lore.kernel.org/dpdk-dev \
		dev@dpdk.org dpdk-dev@archiver.kernel.org
	public-inbox-index dpdk-dev


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/ public-inbox