lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 10 Sep 2019 10:26:52 -0700
From:   Dave Hansen <dave.hansen@...ux.intel.com>
To:     linux-kernel@...r.kernel.org
Cc:     Dave Hansen <dave.hansen@...ux.intel.com>, corbet@....net,
        gregkh@...uxfoundation.org, sashal@...nel.org, ben@...adent.org.uk,
        tglx@...utronix.de, labbott@...hat.com, andrew.cooper3@...rix.com,
        tsoni@...eaurora.org, keescook@...omium.org, tony.luck@...el.com,
        linux-doc@...r.kernel.org, dan.j.williams@...el.com
Subject: [PATCH 4/4] Documentation/process: add transparency promise to list subscription


From: Dave Hansen <dave.hansen@...ux.intel.com>

Transparency is good.  It it essential for everyone working under an
embargo to know who is involved and who else is a "knower".  Being
transparent allows everyone to always make informed decisions about
ongoing participating in a mitigation effort.

Add a step to the subscription process which will notify existing
subscribers when a new one is added.

While I think this is good for everyone, this patch represents my
personal opinion and not that of my employer.

Cc: Jonathan Corbet <corbet@....net>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Sasha Levin <sashal@...nel.org>
Cc: Ben Hutchings <ben@...adent.org.uk>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Laura Abbott <labbott@...hat.com>
Cc: Andrew Cooper <andrew.cooper3@...rix.com>
Cc: Trilok Soni <tsoni@...eaurora.org>
Cc: Kees Cook <keescook@...omium.org>
Cc: Tony Luck <tony.luck@...el.com>
Cc: linux-doc@...r.kernel.org
Cc: linux-kernel@...r.kernel.org
Acked-by: Dan Williams <dan.j.williams@...el.com>
Signed-off-by: Dave Hansen <dave.hansen@...ux.intel.com>
---

 b/Documentation/process/embargoed-hardware-issues.rst |   13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff -puN Documentation/process/embargoed-hardware-issues.rst~hw-sec-2 Documentation/process/embargoed-hardware-issues.rst
--- a/Documentation/process/embargoed-hardware-issues.rst~hw-sec-2	2019-09-10 09:58:47.989476197 -0700
+++ b/Documentation/process/embargoed-hardware-issues.rst	2019-09-10 09:58:47.992476197 -0700
@@ -276,10 +276,11 @@ certificate. If a PGP key is used, it mu
 server and is ideally connected to the Linux kernel's PGP web of trust. See
 also: https://www.kernel.org/signature.html.
 
-The response team verifies that the subscriber request is valid and adds
-the subscriber to the list. After subscription the subscriber will receive
-email from the mailing-list which is signed either with the list's PGP key
-or the list's S/MIME certificate. The subscriber's email client can extract
-the PGP key or the S/MIME certificate from the signature so the subscriber
-can send encrypted email to the list.
+The response team verifies that the subscriber request is valid, adds the
+subscriber to the list, and notifies the existing list subscribers
+including the disclosing party. After subscription the subscriber will
+receive email from the mailing-list which is signed either with the list's
+PGP key or the list's S/MIME certificate. The subscriber's email client can
+extract the PGP key or the S/MIME certificate from the signature so the
+subscriber can send encrypted email to the list.
 
_

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ