diff options
author | Willy Tarreau <w@1wt.eu> | 2018-01-04 14:31:25 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-01-24 19:05:53 +0100 |
commit | ce30f264b33d9e3d27e34638976c52b578648b92 (patch) | |
tree | 46dfac91608bfabab17164803481de984e1a58b6 /MAINTAINERS | |
parent | Revert "module: Add retpoline tag to VERMAGIC" (diff) | |
download | linux-ce30f264b33d9e3d27e34638976c52b578648b92.tar.xz linux-ce30f264b33d9e3d27e34638976c52b578648b92.zip |
MAINTAINERS: clarify that only verified bugs should be submitted to security@
We're seeing a raise of automated reports from testing tools and reports
about address leaks that are not really exploitable as-is, many of which
do not represent an immediate risk justifying to work in closed places.
Signed-off-by: Willy Tarreau <w@1wt.eu>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to '')
-rw-r--r-- | MAINTAINERS | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/MAINTAINERS b/MAINTAINERS index e3581413420c..fec88c5ccedf 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -62,7 +62,15 @@ trivial patch so apply some common sense. 7. When sending security related changes or reports to a maintainer please Cc: security@kernel.org, especially if the maintainer - does not respond. + does not respond. Please keep in mind that the security team is + a small set of people who can be efficient only when working on + verified bugs. Please only Cc: this list when you have identified + that the bug would present a short-term risk to other users if it + were publicly disclosed. For example, reports of address leaks do + not represent an immediate threat and are better handled publicly, + and ideally, should come with a patch proposal. Please do not send + automated reports to this list either. Such bugs will be handled + better and faster in the usual public places. 8. Happy hacking. |