From: Kees Cook <keescook@chromium.org>
To: Solar Designer <solar@openwall.com>
Cc: Sasha Levin <sashal@kernel.org>,
corbet@lwn.net, will@kernel.org, peterz@infradead.org,
gregkh@linuxfoundation.org, tyhicks@canonical.com,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] Documentation/security-bugs: provide more information about linux-distros
Date: Tue, 23 Jul 2019 15:23:42 -0700 [thread overview]
Message-ID: <201907231520.D659BD32@keescook> (raw)
In-Reply-To: <20190719084215.GA24691@openwall.com>
On Fri, Jul 19, 2019 at 10:42:15AM +0200, Solar Designer wrote:
> - The reporter having been directed to post from elsewhere (and I
> suspect this documentation file) without being aware of list policy.
Perhaps specify "linux-distros@" without a domain, so it's more clear?
Or re-split the Wiki into two pages to avoid confusion?
> - The reporter not mentioning (and sometimes not replying even when
> asked) whether they're also coordinating with security@k.o or whether
> they want someone on linux-distros to help coordinate with security@k.o.
> (Maybe this is something we want to write about here.)
Yeah, that seems useful to include in both places.
> - The Linux kernel bug having been introduced too recently to be of much
> interest to distros.
Right; that'd be good to add as well. I see a lot of panic on twitter,
for example, about bugs that only ever existed in -rc releases.
> > Sending to the distros@ list risks exposing Linux-only flaws to non-Linux
> > distros.
>
> Right.
>
> > This has caused leaks in the past
>
> Do you mean leaks to *BSD security teams or to the public? I'm not
> aware of past leaks to the public via the non-Linux distros present on
> the distros@ list. Are you?
I don't know the origin of the leaks, but it only happened when distros@
was used instead of linux-distros@. I think this happened with DirtyCOW,
specifically.
--
Kees Cook
prev parent reply other threads:[~2019-07-23 22:23 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-17 23:11 [PATCH v2] Documentation/security-bugs: provide more information about linux-distros Sasha Levin
2019-07-18 9:40 ` Will Deacon
2019-07-18 14:14 ` Solar Designer
2019-07-18 22:00 ` Kees Cook
2019-07-19 0:39 ` Sasha Levin
2019-07-19 1:51 ` Kees Cook
2019-07-19 3:41 ` Sasha Levin
2019-07-19 8:42 ` Solar Designer
2019-07-23 22:23 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201907231520.D659BD32@keescook \
--to=keescook@chromium.org \
--cc=corbet@lwn.net \
--cc=gregkh@linuxfoundation.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=peterz@infradead.org \
--cc=sashal@kernel.org \
--cc=solar@openwall.com \
--cc=tyhicks@canonical.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.