From: Bagas Sanjaya <bagasdotme@gmail.com>
To: Vegard Nossum <vegard.nossum@oracle.com>,
Jonathan Corbet <corbet@lwn.net>,
linux-doc@vger.kernel.org, Jiri Kosina <jkosina@suse.cz>,
Solar Designer <solar@openwall.com>,
Will Deacon <will@kernel.org>, Willy Tarreau <w@1wt.eu>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-kernel@vger.kernel.org, Amit Shah <aams@amazon.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
David Woodhouse <dwmw@amazon.co.uk>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
Kees Cook <keescook@chromium.org>,
Laura Abbott <labbott@kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Thorsten Leemhuis <linux@leemhuis.info>,
Tyler Hicks <tyhicks@linux.microsoft.com>
Subject: Re: [PATCH v3 0/7] Documentation/security-bugs: overhaul
Date: Mon, 6 Mar 2023 15:48:36 +0700 [thread overview]
Message-ID: <ZAWo5BEPmNTkC2Gf@debian.me> (raw)
In-Reply-To: <20230305220010.20895-1-vegard.nossum@oracle.com>
[-- Attachment #1: Type: text/plain, Size: 1054 bytes --]
On Sun, Mar 05, 2023 at 11:00:03PM +0100, Vegard Nossum wrote:
> Hi,
>
> This is v3 of clarifying our documentation for reporting security
> issues.
>
> The current document is not clear enough, in particular the process of
> disclosure and requesting CVEs, and what the roles of the different
> lists are and how exactly to report to each of them.
>
> Lots of people have been confused about the 7/14 days of the kernel list
> vs. the 7/14 days of the distros list, the fact that these are two
> separate lists, etc. Many reporters contact distros first, or submit
> their report to both lists at the same time (which has the unfortunate
> effect of starting off the disclosure countdown for the distros list
> before s@k.o has had a chance to look at the report). I've shared the v2
> document with a couple of people who submitted reports and they said
> they found it a lot clearer.
>
The docs LGTM, thanks!
Reviewed-by: Bagas Sanjaya <bagasdotme@gmail.com>
--
An old man doll... just what I always wanted! - Clara
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
prev parent reply other threads:[~2023-03-06 8:48 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-05 22:00 [PATCH v3 0/7] Documentation/security-bugs: overhaul Vegard Nossum
2023-03-05 22:00 ` [PATCH v3 1/7] Documentation/security-bugs: move from admin-guide/ to process/ Vegard Nossum
2023-03-06 12:35 ` Federico Vaga
2023-03-06 13:39 ` Carlos Bilbao
2023-03-06 14:04 ` Akira Yokosawa
2023-03-07 2:44 ` Yanteng Si
2023-03-12 15:00 ` Greg Kroah-Hartman
2023-03-05 22:00 ` [PATCH v3 2/7] Documentation/security-bugs: misc. improvements Vegard Nossum
2023-03-12 15:06 ` Greg Kroah-Hartman
2023-03-05 22:00 ` [PATCH v3 3/7] Documentation/security-bugs: improve security list section Vegard Nossum
2023-03-05 22:00 ` [PATCH v3 4/7] Documentation/security-bugs: add linux-distros and oss-security sections Vegard Nossum
2023-03-06 6:08 ` Greg Kroah-Hartman
2023-03-05 22:00 ` [PATCH v3 5/7] Documentation/security-bugs: add table of lists Vegard Nossum
2023-03-05 22:00 ` [PATCH v3 6/7] Documentation/security-bugs: clarify hardware vs. software vulnerabilities Vegard Nossum
2023-03-05 22:00 ` [PATCH v3 7/7] Documentation/security-bugs: document document design Vegard Nossum
2023-03-06 6:02 ` [PATCH v3 0/7] Documentation/security-bugs: overhaul Greg Kroah-Hartman
2023-03-06 6:35 ` Willy Tarreau
2023-03-06 6:42 ` Greg Kroah-Hartman
2023-03-06 9:42 ` Vegard Nossum
2023-03-06 7:11 ` Willy Tarreau
2023-03-06 8:47 ` Bagas Sanjaya
2023-03-06 8:48 ` Bagas Sanjaya [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZAWo5BEPmNTkC2Gf@debian.me \
--to=bagasdotme@gmail.com \
--cc=aams@amazon.com \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=dwmw@amazon.co.uk \
--cc=gregkh@linuxfoundation.org \
--cc=gustavoars@kernel.org \
--cc=jkosina@suse.cz \
--cc=keescook@chromium.org \
--cc=labbott@kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@leemhuis.info \
--cc=mchehab@kernel.org \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=solar@openwall.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=tyhicks@linux.microsoft.com \
--cc=vegard.nossum@oracle.com \
--cc=w@1wt.eu \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.