I think there is value in expressing the high-level design of this document so that it will not get lost with future revisions. This section is an rST comment and will not be part of rendered documentation (e.g. the html version). Link: https://lore.kernel.org/all/87ilpk5wsi.fsf@xxxxxxxxxxxx/ Signed-off-by: Vegard Nossum <vegard.nossum@xxxxxxxxxx> --- Documentation/process/security-bugs.rst | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/Documentation/process/security-bugs.rst b/Documentation/process/security-bugs.rst index 7bd59587332a..8d9adc02cd49 100644 --- a/Documentation/process/security-bugs.rst +++ b/Documentation/process/security-bugs.rst @@ -158,3 +158,24 @@ CVE assignments. **List rules.** Please do not cross-post to other lists when writing to this list. Make sure to read the other list rules before posting: https://oss-security.openwall.org/wiki/mailing-lists/oss-security. + +.. + If you modify this document, please consider the following: + + 1) The most important information should be at the top (preferably in + the opening paragraph). This means contacting <security@xxxxxxxxxx>; + if somebody doesn't read any further than that, at least the security + team will have the report. + + 2) Make the differences between the lists extremely clear. The old + version did make an attempt at this, but the lines were not drawn + clearly enough. + + 3) Emphasize some of the posting rules which can be confusing to new + people (e.g. the fact that posting to linux-distros means you must + propose an embargo date and that this cannot under any circumstances + be more than 14 days). + + 4) The document should be a "step-by-step process" as much as possible, + so that you can use it as a guide while reporting an issue instead of + having to search back and forth for the thing you're looking for. -- 2.40.0.rc1.2.gd15644fe02
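Review bot: Item 2 of the new comment block refers to "The old version did make an attempt at this", which only makes sense to someone who has the pre-rewrite text in front of them; a maintainer reading this guidance later has no way to tell which version is meant. Suggest keeping the guideline itself ("Make the differences between the lists extremely clear") and moving the historical remark to the commit message, where it stays tied to the revision it describes. A smaller point on item 3: the comment repeats the specific "14 days" limit for linux-distros, so if that limit is ever changed the comment has to be updated along with the rendered text; wording it as "the maximum embargo period" would avoid a second place to keep in sync.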