* [PATCH iproute2] Add a security policy
@ 2023-09-29 23:06 Stephen Hemminger
2023-10-02 21:40 ` patchwork-bot+netdevbpf
0 siblings, 1 reply; 2+ messages in thread
From: Stephen Hemminger @ 2023-09-29 23:06 UTC (permalink / raw)
To: netdev; +Cc: Stephen Hemminger
Iproute2 security policy is minimal since the security
domain is controlled by the kernel. But it should be documented
before some new security related bug arises at some future time.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
SECURITY.md | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000000..d5a7775fc147
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Reporting a vulnerability
+
+The iproute2 suite of utilities is tightly coupled with the Linux
+kernel networking. Therefore the bug reporting process mirrors
+the Linux kernel. Most security problems reported related to
+iproute2 are really Linux kernel issues (a.k.a Shoot the messenger)
+and are best handled via
+[Linux Security Bugs](https://docs.kernel.org/process/security-bugs.html).
+
+For other issues please report bugs to netdev@vger.kernel.org
+and include an example script.
+
+## Supported Versions
+
+There are no official "Long Term Support" versions for iproute2.
+The iproute2 version matches the Linux kernel versions.
+There will be occasional maintenance releases for serious
+issues if found. Users who need support are encouraged
+to use the version of iproute2 found in major distributions.
--
2.39.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH iproute2] Add a security policy
2023-09-29 23:06 [PATCH iproute2] Add a security policy Stephen Hemminger
@ 2023-10-02 21:40 ` patchwork-bot+netdevbpf
0 siblings, 0 replies; 2+ messages in thread
From: patchwork-bot+netdevbpf @ 2023-10-02 21:40 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: netdev
Hello:
This patch was applied to iproute2/iproute2.git (main)
by Stephen Hemminger <stephen@networkplumber.org>:
On Fri, 29 Sep 2023 16:06:29 -0700 you wrote:
> Iproute2 security policy is minimal since the security
> domain is controlled by the kernel. But it should be documented
> before some new security related bug arises at some future time.
>
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> ---
> SECURITY.md | 21 +++++++++++++++++++++
> 1 file changed, 21 insertions(+)
> create mode 100644 SECURITY.md
Here is the summary with links:
- [iproute2] Add a security policy
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=015d8e7fb877
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-10-02 21:40 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-09-29 23:06 [PATCH iproute2] Add a security policy Stephen Hemminger
2023-10-02 21:40 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).