Re: [PATCH v2 1/3] Documentation: security-bugs: do not systematically Cc the security team

Next message: Jacopo Mondi: "[PATCH 2/6] media: Documentation: uapi: Update V4L2 ISP for extensible stats"
Previous message: Neil Armstrong: "Re: (subset) [PATCH v2 0/4] drm/panel: Small Kconfig cleanup"
In reply to: Willy Tarreau: "[PATCH v2 1/3] Documentation: security-bugs: do not systematically Cc the security team"
Next in thread: Willy Tarreau: "[PATCH v2 2/3] Documentation: security-bugs: explain what is and is not a security bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Leon Romanovsky

Date: Tue May 05 2026 - 10:12:07 EST

On Sun, May 03, 2026 at 01:35:04PM +0200, Willy Tarreau wrote:
> With the increase of automated reports, the security team is dealing
> with way more messages than really needed. The reporting process works
> well with most teams so there is no need to systematically involve the
> security team in reports.
>
> Let's suggest to keep it for small lists of recipients and new reporters
> only. This should continue to cover the risk of lost messages while
> reducing the volume from prolific reporters.
>
> Cc: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
> Cc: Leon Romanovsky <leon@xxxxxxxxxx>
> Signed-off-by: Willy Tarreau <w@xxxxxx>
> ---
> Documentation/process/security-bugs.rst | 10 +++++++++-
> 1 file changed, 9 insertions(+), 1 deletion(-)

Thanks,
Reviewed-by: Leon Romanovsky <leon@xxxxxxxxxx>