Re: [PATCH 1/3] Documentation: security-bugs: do not systematically Cc the security team

Next message: Andrew Morton: "Re: [PATCH 2/3] bpf: arena: use page_ref_count() instead of page_mapped() in arena_free_pages()"
Previous message: Gabriele Monaco: "[RFC PATCH 12/12] rv: Add KUnit tests for some LTL monitors"
In reply to: Greg KH: "Re: [PATCH 1/3] Documentation: security-bugs: do not systematically Cc the security team"
Next in thread: Greg KH: "Re: [PATCH 1/3] Documentation: security-bugs: do not systematically Cc the security team"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Willy Tarreau

Date: Mon Apr 27 2026 - 11:27:19 EST

On Mon, Apr 27, 2026 at 07:49:08AM -0600, Greg KH wrote:
> On Sun, Apr 26, 2026 at 06:39:12PM +0200, Willy Tarreau wrote:
> > With the increase of automated reports, the security team is dealing
> > with way more messages than really needed. The reporting process works
> > well with most teams so there is no need to systematically involve the
> > security team in reports.
> >
> > Let's suggest to keep it for small lists of recipients, to cover the
> > risk of lost messages (spam, vacation etc) but to avoid it for larger
> > teams.
> >
> > Cc: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
> > Cc: Leon Romanovsky <leon@xxxxxxxxxx>
> > Signed-off-by: Willy Tarreau <w@xxxxxx>
>
> This is going to cut down on emails to us a bunch, which might be good,
> or not, as now we'll not have a way to know what's going on overall.
> But hey, let's try it and see what happens!

Or maybe we could suggest that first reports from a reporter should
always Cc the list ? After all, every time we asked to drop the list
was for senders at their 5th or 10th submission. Maybe we could just
say that the list members prefer not being repetitively CCed by the
same submitters to invest more time on newcomers ?

> Acked-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

Thanks!
willy