Re: [PATCH] Documentation: insist on the plain-text requirement for security reports

linux-doc.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Ingo Molnar <mingo@kernel.org>
To: Willy Tarreau <w@1wt.eu>
Cc: Jonathan Corbet <corbet@lwn.net>,
	Security Officers <security@kernel.org>,
	gregkh@linuxfoundation.org, kees@kernel.org,
	linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Documentation: insist on the plain-text requirement for security reports
Date: Mon, 1 Dec 2025 21:47:01 +0100	[thread overview]
Message-ID: <aS3-xTM5NvYLNEM9@gmail.com> (raw)
In-Reply-To: <20251129141741.19046-1-w@1wt.eu>


* Willy Tarreau <w@1wt.eu> wrote:

> As the trend of AI-generated reports is growing, the trend of unreadable
> reports in gimmicky formats is following, and we cannot request that
> developers rely on online viewers to be able to read a security report
> full for formatting tags. Let's just insist on the plain text requirement
> a bit more.
> 
> Signed-off-by: Willy Tarreau <w@1wt.eu>
> ---
>  Documentation/process/security-bugs.rst | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/Documentation/process/security-bugs.rst b/Documentation/process/security-bugs.rst
> index 84657e7d2e5b..c0cf93e11565 100644
> --- a/Documentation/process/security-bugs.rst
> +++ b/Documentation/process/security-bugs.rst
> @@ -33,12 +33,16 @@ that can speed up the process considerably.  It is possible that the
>  security team will bring in extra help from area maintainers to
>  understand and fix the security vulnerability.
>  
> -Please send plain text emails without attachments where possible.
> +Please send **plain text** emails without attachments where possible.

So maybe part of the confusion is that this sentence 
can be read permissively, depending how the 'where 
possible' qualifier is interpreted:

    Please send plain text emails without attachments, 
    where possible.

Note how "it's not possible because my report is in 
PDF" seems to allow for that in the permissive reading.

What that sentence should really say is something like:

   Please send plain text emails only. Please do not 
   include any attachments, where possible.

This makes it clear that only plain text emails are 
acceptable.

Ie. something like the patch below?

Thanks,

	Ingo

============================================>
Signed-off-by: Ingo Molnar <mingo@kernel.org>

 Documentation/process/security-bugs.rst | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/Documentation/process/security-bugs.rst b/Documentation/process/security-bugs.rst
index 84657e7d2e5b..4a76928a700e 100644
--- a/Documentation/process/security-bugs.rst
+++ b/Documentation/process/security-bugs.rst
@@ -33,12 +33,16 @@ that can speed up the process considerably.  It is possible that the
 security team will bring in extra help from area maintainers to
 understand and fix the security vulnerability.
 
-Please send plain text emails without attachments where possible.
-It is much harder to have a context-quoted discussion about a complex
-issue if all the details are hidden away in attachments.  Think of it like a
-:doc:`regular patch submission <../process/submitting-patches>`
+Please send **plain text** emails only. Please do not include any
+attachments, where possible.  It is much harder to have a context-quoted
+discussion about a complex issue if all the details are hidden away
+in attachments.  Think of it like a :doc:`regular patch submission <../process/submitting-patches>`
 (even if you don't have a patch yet): describe the problem and impact, list
 reproduction steps, and follow it with a proposed fix, all in plain text.
+Markdown, HTML and RST formatted reports are particularly frowned upon since
+they're quite hard to read for humans and encourage to use dedicated viewers,
+sometimes online, which by definition is not acceptable for a confidential
+security report.
 
 Disclosure and embargoed information
 ------------------------------------

next prev parent reply	other threads:[~2025-12-01 20:47 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-11-29 14:17 [PATCH] Documentation: insist on the plain-text requirement for security reports Willy Tarreau
2025-12-01  6:38 ` Greg KH
2025-12-01  7:12   ` Willy Tarreau
2025-12-22 22:32   ` Jonathan Corbet
2025-12-01 20:47 ` Ingo Molnar [this message]
2025-12-03  7:16   ` Willy Tarreau
2025-12-03 14:40 ` Kees Cook
2025-12-03 14:58   ` Willy Tarreau

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:84657e7d2e5 dfblob:4a76928a700 )
 OR (
bs:"Re: [PATCH] Documentation: insist on the plain-text requirement for security reports" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=aS3-xTM5NvYLNEM9@gmail.com \
    --to=mingo@kernel.org \
    --cc=corbet@lwn.net \
    --cc=gregkh@linuxfoundation.org \
    --cc=kees@kernel.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=security@kernel.org \
    --cc=w@1wt.eu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).