Re: [PATCH] docs: Clarify details for reporting security bugs
From: Jonathan Corbet
Date: Tue Mar 07 2017 - 02:39:01 EST
On Mon, 6 Mar 2017 11:13:51 -0800
Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> The kernel security team is regularly asked to provide CVE identifiers,
> which we don't normally do. This updates the documentation to mention
> this and adds some more details about coordination and patch handling
> that come up regularly. Based on an earlier draft by Willy Tarreau.
>
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> Acked-by: Willy Tarreau <w@xxxxxx>
Seems good, applied to the docs tree, thanks.
> Related question: shouldn't security-bugs.rst and submitting-patches.rst live
> in /process/ rather than /admin-guide/ ?
The former should maybe be there, depending on just who we think it
should be aimed at, I guess. submitting-patches.rst is already in
process/, though, so I'm not quite sure I understand that question?
Thanks,
jon