lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 24 Jan 2023 17:38:29 +0100
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Luis Chamberlain <mcgrof@...nel.org>
Cc:     Matthew Wilcox <willy@...radead.org>,
        Konstantin Ryabitsev <mricon@...nel.org>,
        Tom Lendacky <thomas.lendacky@....com>,
        Catalin Marinas <catalin.marinas@....com>,
        Anton Blanchard <anton@...ux.ibm.com>,
        Trilok Soni <tsoni@...eaurora.org>,
        James Morris <jamorris@...ux.microsoft.com>, corbet@....net,
        javier.gonz@...sung.com, linux-doc@...r.kernel.org,
        a.manzanares@...sung.com, dave@...olabs.net,
        darren@...amperecomputing.com, ndesaulniers@...gle.com,
        gost.dev@...sung.com, linux-kernel@...r.kernel.org,
        Luis Chamberlain <mcgrof.c@...sung.com>
Subject: Re: [PATCH] docs: embargoed-hardware-issues: add embargoed HW
 contact for Samsung

On Tue, Jan 24, 2023 at 08:22:45AM -0800, Luis Chamberlain wrote:
> On Tue, Jan 24, 2023 at 06:20:46AM +0100, Greg KH wrote:
> > On Tue, Jan 24, 2023 at 02:39:53AM +0000, Matthew Wilcox wrote:
> > > On Mon, Jan 23, 2023 at 01:48:03PM -0800, Luis Chamberlain wrote:
> > > > > > @@ -251,6 +251,7 @@ an involved disclosed party. The current ambassadors list:
> > > > > >    IBM Z		Christian Borntraeger <borntraeger@...ibm.com>
> > > > > >    Intel		Tony Luck <tony.luck@...el.com>
> > > > > >    Qualcomm	Trilok Soni <tsoni@...eaurora.org>
> > > > > > +  Samsung       Javier González <javier.gonz@...sung.com>
> > > > 
> > > > I'll send a fix on v2.
> > > > 
> > > > BTW while at it, it got me wondering, since most of the emails on
> > > > this hw embargo page are not required to have kernel.org accounts
> > > 
> > > This isn't the list of hw embargo people.  This is the list of
> > > "ambassadors" who can help people work through the security disclosure
> > > process.  My impression is that it's to tell me that I should contact
> > > Konrad, since he also works at Oracle, to help me through the process.
> > > It's not for people outside Oracle to contact.
> > > 
> > > If I have the wrong impression of that list, perhaps the description
> > > could be clarified.
> > 
> > That is correct, but it is primarily a list that I use when needing to
> > contact companies about potential issues in their hardware. 
> 
> That is the impression I gathered.
> 
> > For that I
> > don't need a GPG key, that's only required if they need to get added to
> > a secure mailing list, and at that point I can have a key sent to me, it
> > does not have to be in our kernel.org keyring at all (and list
> > participants usually are not there.)
> 
> That might be useful to explain in the documentation.

It is not really needed as the kernel.org gpg keyring has nothing to do
with this list or the people on it.  No need to say "that other thing
over there has nothing to do with this thing here", otherwise we would
be enumerating everything in this file :)

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ