lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <202508141422.15BDB8E6@keescook>
Date: Thu, 14 Aug 2025 14:23:02 -0700
From: Kees Cook <kees@...nel.org>
To: Willy Tarreau <w@....eu>
Cc: Jonathan Corbet <corbet@....net>, security@...nel.org,
	workflows@...r.kernel.org, linux-doc@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [PATCH 1/2] Documentation: clarify the expected collaboration
 with security bugs reporters

On Thu, Aug 14, 2025 at 09:27:29PM +0200, Willy Tarreau wrote:
> Some bug reports sent to the security team sometimes lack any explanation,
> are only AI-generated without verification, or sometimes it can simply be
> difficult to have a conversation with an invisible reporter belonging to
> an opaque team. This fortunately remains rare but the trend has been
> steadily increasing over the last years and it seems important to clarify
> what developers expect from reporters to avoid frustration on any side and
> keep the process efficient.
> 
> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> Signed-off-by: Willy Tarreau <w@....eu>

Reviewed-by: Kees Cook <kees@...nel.org>

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ