From: Kees Cook <keescook@chromium.org>
To: Solar Designer <solar@openwall.com>
Cc: Sasha Levin <sashal@kernel.org>,
corbet@lwn.net, will@kernel.org, peterz@infradead.org,
gregkh@linuxfoundation.org, tyhicks@canonical.com,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] Documentation/security-bugs: provide more information about linux-distros
Date: Tue, 23 Jul 2019 15:23:42 -0700 [thread overview]
Message-ID: <201907231520.D659BD32@keescook> (raw)
In-Reply-To: <20190719084215.GA24691@openwall.com>
On Fri, Jul 19, 2019 at 10:42:15AM +0200, Solar Designer wrote:
> - The reporter having been directed to post from elsewhere (and I
> suspect this documentation file) without being aware of list policy.
Perhaps specify "linux-distros@" without a domain, so it's more clear?
Or re-split the Wiki into two pages to avoid confusion?
> - The reporter not mentioning (and sometimes not replying even when
> asked) whether they're also coordinating with security@k.o or whether
> they want someone on linux-distros to help coordinate with security@k.o.
> (Maybe this is something we want to write about here.)
Yeah, that seems useful to include in both places.
> - The Linux kernel bug having been introduced too recently to be of much
> interest to distros.
Right; that'd be good to add as well. I see a lot of panic on twitter,
for example, about bugs that only ever existed in -rc releases.
> > Sending to the distros@ list risks exposing Linux-only flaws to non-Linux
> > distros.
>
> Right.
>
> > This has caused leaks in the past
>
> Do you mean leaks to *BSD security teams or to the public? I'm not
> aware of past leaks to the public via the non-Linux distros present on
> the distros@ list. Are you?
I don't know the origin of the leaks, but it only happened when distros@
was used instead of linux-distros@. I think this happened with DirtyCOW,
specifically.
--
Kees Cook
prev parent reply other threads:[~2019-07-23 22:23 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-17 23:11 [PATCH v2] Documentation/security-bugs: provide more information about linux-distros Sasha Levin
2019-07-18 9:40 ` Will Deacon
2019-07-18 14:14 ` Solar Designer
2019-07-18 22:00 ` Kees Cook
2019-07-19 0:39 ` Sasha Levin
2019-07-19 1:51 ` Kees Cook
2019-07-19 3:41 ` Sasha Levin
2019-07-19 8:42 ` Solar Designer
2019-07-23 22:23 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201907231520.D659BD32@keescook \
--to=keescook@chromium.org \
--cc=corbet@lwn.net \
--cc=gregkh@linuxfoundation.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=peterz@infradead.org \
--cc=sashal@kernel.org \
--cc=solar@openwall.com \
--cc=tyhicks@canonical.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).