[PATCH 0/3] Documentation: clarify required info in security reports

Next message: Radim Kr&#x10D;m&#xE1;&#x159;: "Re: [PATCH v7 4/4] RISC-V: KVM: add KVM_CAP_RISCV_SET_HGATP_MODE"
Previous message: Willy Tarreau: "[PATCH 2/3] Documentation: explain how to find maintainers addresses for security reports"
Next in thread: Willy Tarreau: "[PATCH 1/3] Documentation: minor updates to the security contacts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Willy Tarreau

Date: Thu Apr 02 2026 - 14:31:44 EST

Hi Greg,

I'm sending you the doc clarifications we discussed for the process of
reporting security issues. It's cut into the 3 patches I shared this
morning on the security list (plus two typos fixed and a paragraph
asking for one single issue per report):

- one patch that reminds our need for a valid e-mail address
- one that explains to reporters how to proceed to find maintainers
addresses, hoping we won't have to do it for 90% of reports anymore
- one that enumerates basic requirements for every report

I think it covers the difficulties we've faced this week. As always,
we might possibly find tiny adjustments to add, but my goal would be
for such updates to be merged in time to update the public page ASAP
so that we can redirect incomplete reports in an attempt to lower the
team's current load.

Thanks!
Willy

---

Willy Tarreau (3):
Documentation: minor updates to the security contacts
Documentation: explain how to find maintainers addresses for security
reports
Documentation: clarify the mandatory and desirable info for security
reports

Documentation/process/security-bugs.rst | 147 +++++++++++++++++++++---
1 file changed, 132 insertions(+), 15 deletions(-)

--
2.52.0