Message-ID: <a376347c-60f4-4c91-bf94-67eafa77492b@leemhuis.info>
Date: Wed, 13 Nov 2024 14:43:12 +0100
From: Thorsten Leemhuis <linux@...mhuis.info>
To: Mauro Carvalho Chehab <mchehab+huawei@...nel.org>,
 Simona Vetter <simona.vetter@...ll.ch>
Cc: Laurent Pinchart <laurent.pinchart@...asonboard.com>,
 Jonathan Corbet <corbet@....net>, workflows@...r.kernel.org,
 linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v1] docs: reminder to not expose potentially private email
 addresses

On 13.11.24 12:40, Mauro Carvalho Chehab wrote:
> On Wed, 13 Nov 2024 11:59:39 +0100
> Simona Vetter <simona.vetter@...ll.ch> wrote:
>> On Wed, 13 Nov 2024 at 11:55, Thorsten Leemhuis <linux@...mhuis.info> wrote:
>>> On 13.11.24 11:26, Laurent Pinchart wrote:  
>>>>> +Note, remember to respect other people's privacy when adding these tags:
>>>>> +
>>>>> + - Only specify email addresses, if owners explicitly permitted their use or
>>>>> +   are fine with exposing them to the public based on previous actions found in
>>>>> +   the lore archives. 
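Review bot: the added bullet states when an address may be specified but gives no fallback. Nothing in the quoted lines tells the submitter what to do when neither explicit permission nor earlier public use can be established. Suggest adding a sentence for that case, for example to ask the person first or to leave the address out of the tag. Also, "owners" has no referent in the bullet itself; "their owners" would tie it to the email addresses.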
> 
> There is no comma between "addresses" and "if".
> 
> "previous actions" sounds a little too vague. Also, the text doesn't cover
> everything, as lore archives may contain gaps.  I would instead be clear:
> 
> 	 - Only specify email addresses if owners explicitly permitted their use or
> 	   if such e-mail was previously used publicly for Linux contributions, which
> 	   can be checked by looking at the lore archives and at the git log. 
> 
> I added "git log" there because, in practice, nobody has the time to double-check
> what e-mails are public: developers rely that scripts/checkpatch.pl will
> check git log when creating the Cc: list.

Thx. I went with a slightly changed variant for now, hope that's okay:

"""
Only specify email addresses if owners explicitly permitted their use or
if the addresses have previously been used publicly for contributions to
the Linux kernel found in the lore archives or the commit history.
"""

Regarding the other points Simona and Laurent brought up: many thx for
that, I will take a closer look soon (I need to check if the suggested
approaches really work; while at it I also want to check if
5.Posting.rst mentions the "no tag forgeries" aspect at all; from a
quick look that seems to be missing, so I might add a patch that puts it
in an appropriate place).

Ciao, Thorsten
