lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <26b25204-9829-44a8-9836-1ce1c8725586@oracle.com>
Date: Thu, 15 Feb 2024 13:24:57 +0100
From: Vegard Nossum <vegard.nossum@...cle.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: corbet@....net, workflows@...r.kernel.org, linux-doc@...r.kernel.org,
        linux-kernel@...r.kernel.org, security@...nel.org,
        Kees Cook <keescook@...omium.org>, Sasha Levin <sashal@...nel.org>,
        Lee Jones <lee@...nel.org>
Subject: Re: [PATCH v3] Documentation: Document the Linux Kernel CVE process


On 15/02/2024 12:50, Greg Kroah-Hartman wrote:
> On Wed, Feb 14, 2024 at 09:37:31AM +0100, Vegard Nossum wrote:
>>
>> On 14/02/2024 09:00, Greg Kroah-Hartman wrote:
>>> diff --git a/Documentation/process/cve.rst b/Documentation/process/cve.rst
>>> new file mode 100644
>>> index 000000000000..6465e6a79c18
>>> --- /dev/null
>>> +++ b/Documentation/process/cve.rst
>>> @@ -0,0 +1,120 @@
>>> +CVEs
>>> +====
>>
>> Document titles should have ==== above them as well, and then you would
>> need to shift all the other headings in this document (i.e. all the ---
>> should become ===).
>>
>> Info here: https://docs.kernel.org/doc-guide/sphinx.html#specific-guidelines-for-the-kernel-documentation
> 
> Really?  I copied this directly from
> Documentation/process/security-bugs.rst which is in the format that I
> used here.  Which one is incorrect, I'm confused.

Documentation/ currently has a mix of both formats and they both work,
but the guidelines linked above is the gold standard and what we should
aim for in new documents.

The "correct" format would thus be:

====
CVEs
====

..

Process
=======

..

At least this is my understanding; I'm happy to be corrected (and in
this case, we should also update the documentation).

Thanks for your other clarifications.


Vegard

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ