summaryrefslogtreecommitdiffstats
path: root/MAINTAINERS
diff options
context:
space:
mode:
authorWilly Tarreau <w@1wt.eu>2018-01-04 14:31:25 +0100
committerLinus Torvalds <torvalds@linux-foundation.org>2018-01-24 19:05:53 +0100
commitce30f264b33d9e3d27e34638976c52b578648b92 (patch)
tree46dfac91608bfabab17164803481de984e1a58b6 /MAINTAINERS
parentRevert "module: Add retpoline tag to VERMAGIC" (diff)
downloadlinux-ce30f264b33d9e3d27e34638976c52b578648b92.tar.xz
linux-ce30f264b33d9e3d27e34638976c52b578648b92.zip
MAINTAINERS: clarify that only verified bugs should be submitted to security@
We're seeing a raise of automated reports from testing tools and reports about address leaks that are not really exploitable as-is, many of which do not represent an immediate risk justifying to work in closed places. Signed-off-by: Willy Tarreau <w@1wt.eu> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to '')
-rw-r--r--MAINTAINERS10
1 files changed, 9 insertions, 1 deletions
diff --git a/MAINTAINERS b/MAINTAINERS
index e3581413420c..fec88c5ccedf 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -62,7 +62,15 @@ trivial patch so apply some common sense.
7. When sending security related changes or reports to a maintainer
please Cc: security@kernel.org, especially if the maintainer
- does not respond.
+ does not respond. Please keep in mind that the security team is
+ a small set of people who can be efficient only when working on
+ verified bugs. Please only Cc: this list when you have identified
+ that the bug would present a short-term risk to other users if it
+ were publicly disclosed. For example, reports of address leaks do
+ not represent an immediate threat and are better handled publicly,
+ and ideally, should come with a patch proposal. Please do not send
+ automated reports to this list either. Such bugs will be handled
+ better and faster in the usual public places.
8. Happy hacking.