| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025081655-proved-ladybug-4fa3@gregkh> Date: Sat, 16 Aug 2025 17:07:12 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: Willy Tarreau <w@....eu> Cc: Jonathan Corbet <corbet@....net>, security@...nel.org, workflows@...r.kernel.org, linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH 1/2] Documentation: clarify the expected collaboration with security bugs reporters On Thu, Aug 14, 2025 at 09:27:29PM +0200, Willy Tarreau wrote: > Some bug reports sent to the security team sometimes lack any explanation, > are only AI-generated without verification, or sometimes it can simply be > difficult to have a conversation with an invisible reporter belonging to > an opaque team. This fortunately remains rare but the trend has been > steadily increasing over the last years and it seems important to clarify > what developers expect from reporters to avoid frustration on any side and > keep the process efficient. > > Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> > Signed-off-by: Willy Tarreau <w@....eu> > --- > Documentation/process/security-bugs.rst | 10 ++++++++++ > 1 file changed, 10 insertions(+) Both of these look good to me, thanks! I'll queue them up after the next -rc is out. greg k-h
Powered by blists - more mailing lists