| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230929230629.66868-1-stephen@networkplumber.org> Date: Fri, 29 Sep 2023 16:06:29 -0700 From: Stephen Hemminger <stephen@...workplumber.org> To: netdev@...r.kernel.org Cc: Stephen Hemminger <stephen@...workplumber.org> Subject: [PATCH iproute2] Add a security policy Iproute2 security policy is minimal since the security domain is controlled by the kernel. But it should be documented before some new security related bug arises at some future time. Signed-off-by: Stephen Hemminger <stephen@...workplumber.org> --- SECURITY.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000000..d5a7775fc147 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Reporting a vulnerability + +The iproute2 suite of utilities is tightly coupled with the Linux +kernel networking. Therefore the bug reporting process mirrors +the Linux kernel. Most security problems reported related to +iproute2 are really Linux kernel issues (a.k.a Shoot the messenger) +and are best handled via +[Linux Security Bugs](https://docs.kernel.org/process/security-bugs.html). + +For other issues please report bugs to netdev@...r.kernel.org +and include an example script. + +## Supported Versions + +There are no official "Long Term Support" versions for iproute2. +The iproute2 version matches the Linux kernel versions. +There will be occasional maintenance releases for serious +issues if found. Users who need support are encouraged +to use the version of iproute2 found in major distributions. -- 2.39.2
Powered by blists - more mailing lists