MAINTAINERS: clarify that only verified bugs should be submitted to security@
We're seeing a raise of automated reports from testing tools and reports about address leaks that are not really exploitable as-is, many of which do not represent an immediate risk justifying to work in closed places. Signed-off-by: Willy Tarreau <w@1wt.eu> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Willy Tarreau
Linus Torvalds
parent
5132ede0fe
commit
ce30f264b3
10
MAINTAINERS
10
MAINTAINERS
|
|
@ -62,7 +62,15 @@ trivial patch so apply some common sense.
|
|||
|
||||
7. When sending security related changes or reports to a maintainer
|
||||
please Cc: security@kernel.org, especially if the maintainer
|
||||
does not respond.
|
||||
does not respond. Please keep in mind that the security team is
|
||||
a small set of people who can be efficient only when working on
|
||||
verified bugs. Please only Cc: this list when you have identified
|
||||
that the bug would present a short-term risk to other users if it
|
||||
were publicly disclosed. For example, reports of address leaks do
|
||||
not represent an immediate threat and are better handled publicly,
|
||||
and ideally, should come with a patch proposal. Please do not send
|
||||
automated reports to this list either. Such bugs will be handled
|
||||
better and faster in the usual public places.
|
||||
|
||||
8. Happy hacking.
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue