Maintainer workflows discussions
 help / color / mirror / Atom feed
* [PATCH] Add SECURITY.md to redirect GitHub users to official security channels
@ 2026-07-14 10:46 Spuntik
  2026-07-14 12:17 ` Greg KH
  0 siblings, 1 reply; 2+ messages in thread
From: Spuntik @ 2026-07-14 10:46 UTC (permalink / raw)
  To: linux-kernel, workflows

From 9b140a7e28c8480ab51bc5441c4d40fa5e5a4e90 Mon Sep 17 00:00:00 2001
From: spuntik1205 <spuntik1205@gmail.com>
Date: Tue, 14 Jul 2026 12:22:32 +0200
Subject: [PATCH] Add SECURITY.md to redirect GitHub users to official
security channels

GitHub natively supports a `SECURITY.md` file in the root of the
repository. When this file is present, GitHub automatically
creates a "Security" tab for the repo and displays a prominent link to
this policy whenever a user attempts to open a new issue.

Since the Linux kernel mirror on GitHub receives a lot of traffic from
users who may not be familiar with the kernel's
mailing-list workflow, they might incorrectly attempt to report
security vulnerabilities through public GitHub channels.

This PR adds a standard `SECURITY.md` file that:
1. Explicitly asks users not to report vulnerabilities on GitHub.
2. Directs them to the official `security@kernel.org` mailing list.
3. Links directly to the official `security-bugs.rst` documentation on
kernel.org for proper reporting procedures.

While I understand the kernel does not use GitHub for development,
adding this file will help intercept confused GitHub users
and redirect them to the proper kernel security workflows.
---
 SECURITY.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000000..80b0b46279f6
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported Versions
+
+The Linux kernel maintains several active branches. The mainline
kernel, stable kernels, and longterm maintenance (LTS) kernels are
currently supported with security updates.
+
+Please refer to the [active kernel
releases](https://www.kernel.org/category/releases.html) on kernel.org
to see which versions are currently receiving security updates.
+
+## Reporting a Vulnerability
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+If you believe you have found a security vulnerability in the Linux
kernel, please report it to the Linux kernel security team.
+
+1. **Email the Security Team:** Send an email to `security@kernel.org`.
+2. **Read the Documentation:** For detailed instructions on what to
include in your report, acceptable disclosure timelines, and how the
kernel team handles security bugs, please read the official [Security
Bugs Documentation](https://www.kernel.org/doc/html/latest/admin-guide/security-bugs.html).
+3. **Hardware Vulnerabilities:** If you are reporting a hardware
vulnerability that affects the kernel, please refer to the specific
guidelines for [Hardware
vulnerabilities](https://www.kernel.org/doc/html/latest/process/embargoed-hardware-issues.html)
and contact the hardware security team at
`hardware-security@kernel.org` if appropriate.
+
+The security team will review your report and work with you and the
relevant subsystem maintainers to develop and release a fix. You can
typically expect an initial response within a few days.
-- 
2.55.0

^ permalink raw reply related	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-07-14 12:18 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-07-14 10:46 [PATCH] Add SECURITY.md to redirect GitHub users to official security channels Spuntik
2026-07-14 12:17 ` Greg KH

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox