lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20200827160712.GD684514@kroah.com>
Date:   Thu, 27 Aug 2020 18:07:12 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Krzysztof Kozlowski <krzk@...nel.org>
Cc:     Security Officers <security@...nel.org>,
        Jonathan Corbet <corbet@....net>, linux-doc@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] MAINTAINERS: Add security docs to SECURITY CONTACT

On Thu, Aug 27, 2020 at 03:20:16PM +0200, Krzysztof Kozlowski wrote:
> On Thu, Aug 27, 2020 at 03:18:27PM +0200, Greg Kroah-Hartman wrote:
> > On Thu, Aug 27, 2020 at 03:13:30PM +0200, Krzysztof Kozlowski wrote:
> > > When changing the documents related to kernel security workflow, notify
> > > the security mailing list as its concerned by this.
> > > 
> > > Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> > > Signed-off-by: Krzysztof Kozlowski <krzk@...nel.org>
> > > ---
> > >  MAINTAINERS | 2 ++
> > >  1 file changed, 2 insertions(+)
> > > 
> > > diff --git a/MAINTAINERS b/MAINTAINERS
> > > index 8107b3d5d6df..a1e07d0f3205 100644
> > > --- a/MAINTAINERS
> > > +++ b/MAINTAINERS
> > > @@ -15620,6 +15620,8 @@ F:	include/uapi/linux/sed*
> > >  
> > >  SECURITY CONTACT
> > >  M:	Security Officers <security@...nel.org>
> > > +F:	Documentation/admin-guide/security-bugs.rst
> > > +F:	Documentation/process/embargoed-hardware-issues.rst
> > 
> > The hardware-issues document is "owned" by a different group of
> > suckers^Wdevelopers, that is independant of security@k.o, so that file
> > shouldn't be added to them here.
> 
> True, but isn't this broader security group involved in designing and
> discussing the HW security process?

While I think a number of the people did overlap, it was not everyone as
the processes are _VERY_ different for obvious reasons.

So please keep it separate for now.  There is a list of people who care
about this document, in the document itself, if anyone ever wants to
send changes to it.  No need to enumerate them all in the MAINTAINERS
file.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ