[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20190910172651.D9F5C062@viggo.jf.intel.com>
Date: Tue, 10 Sep 2019 10:26:51 -0700
From: Dave Hansen <dave.hansen@...ux.intel.com>
To: linux-kernel@...r.kernel.org
Cc: Dave Hansen <dave.hansen@...ux.intel.com>, corbet@....net,
gregkh@...uxfoundation.org, sashal@...nel.org, ben@...adent.org.uk,
tglx@...utronix.de, labbott@...hat.com, andrew.cooper3@...rix.com,
tsoni@...eaurora.org, keescook@...omium.org, tony.luck@...el.com,
linux-doc@...r.kernel.org, dan.j.williams@...el.com
Subject: [PATCH 3/4] Documentation/process: soften language around conference talk dates
From: Dave Hansen <dave.hansen@...ux.intel.com>
Both hardware companies and the kernel community prefer coordinated
disclosure to the alternatives. It is also obvious that sitting on
ready-to-go mitigations for months is not so nice for kernel
maintainers.
I want to ensure that the patched text can not be read as "the kernel
does not wait for conference dates". I'm also fairly sure that, so
far, we *have* waited for a number of conference dates.
Change the text to make it clear that waiting for conference dates
is possible, but keep the grumbling about it being a burden.
While I think this is good for everyone, this patch represents my
personal opinion and not that of my employer.
Cc: Jonathan Corbet <corbet@....net>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Sasha Levin <sashal@...nel.org>
Cc: Ben Hutchings <ben@...adent.org.uk>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Laura Abbott <labbott@...hat.com>
Cc: Andrew Cooper <andrew.cooper3@...rix.com>
Cc: Trilok Soni <tsoni@...eaurora.org>
Cc: Kees Cook <keescook@...omium.org>
Cc: Tony Luck <tony.luck@...el.com>
Cc: linux-doc@...r.kernel.org
Cc: linux-kernel@...r.kernel.org
Acked-by: Dan Williams <dan.j.williams@...el.com>
Signed-off-by: Dave Hansen <dave.hansen@...ux.intel.com>
---
b/Documentation/process/embargoed-hardware-issues.rst | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff -puN Documentation/process/embargoed-hardware-issues.rst~hw-sec-1 Documentation/process/embargoed-hardware-issues.rst
--- a/Documentation/process/embargoed-hardware-issues.rst~hw-sec-1 2019-09-10 08:39:03.879488129 -0700
+++ b/Documentation/process/embargoed-hardware-issues.rst 2019-09-10 08:39:03.883488129 -0700
@@ -197,10 +197,9 @@ While we understand that hardware securi
time, the embargo time should be constrained to the minimum time which is
required for all involved parties to develop, test and prepare the
mitigations. Extending embargo time artificially to meet conference talk
-dates or other non-technical reasons is creating more work and burden for
-the involved developers and response teams as the patches need to be kept
-up to date in order to follow the ongoing upstream kernel development,
-which might create conflicting changes.
+dates or other non-technical reasons is possible, but not preferred. These
+artificial extensions burden the response team with constant maintenance
+updating mitigations to follow upstream kernel development.
CVE assignment
""""""""""""""
_
Powered by blists - more mailing lists