Provide more information about how to interact with the linux-distros
mailing list for disclosing security bugs.

Reference the linux-distros list policy and clarify that the reporter must
read and understand those policies as they differ from
security@xxxxxxxxxx's policy.

Suggested-by: Solar Designer <solar@xxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---

Changes in v2:
 - Focus more on pointing to the linux-distros wiki and policies.
 - Remove explicit linux-distros email.
 - Remove various explanations of linux-distros policies.

 Documentation/admin-guide/security-bugs.rst | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/Documentation/admin-guide/security-bugs.rst b/Documentation/admin-guide/security-bugs.rst index dcd6c93c7aac..380d44fd618d 100644 --- a/Documentation/admin-guide/security-bugs.rst +++ b/Documentation/admin-guide/security-bugs.rst 
@@ -60,16 +60,15 @@ Coordination ------------ Fixes for sensitive bugs, such as those that might lead to privilege -escalations, may need to be coordinated with the private -<linux-distros@xxxxxxxxxxxxxxx> mailing list so that distribution vendors -are well prepared to issue a fixed kernel upon public disclosure of the -upstream fix. Distros will need some time to test the proposed patch and -will generally request at least a few days of embargo, and vendor update -publication prefers to happen Tuesday through Thursday. When appropriate, -the security team can assist with this coordination, or the reporter can -include linux-distros from the start. In this case, remember to prefix -the email Subject line with "[vs]" as described in the linux-distros wiki: -<http://oss-security.openwall.org/wiki/mailing-lists/distros#how-to-use-the-lists> +escalations, may need to be coordinated with the private linux-distros mailing +list so that distribution vendors are well prepared to issue a fixed kernel +upon public disclosure of the upstream fix. Please read and follow the policies +of linux-distros as specified in the linux-distros wiki page before reporting: +<https://oss-security.openwall.org/wiki/mailing-lists/distros>. When +appropriate, the security team can assist with this coordination, or the +reporter can include linux-distros from the start. In this case, remember to +prefix the email Subject line with "[vs]" as described in the linux-distros +wiki. CVE assignment -------------- -- 2.20.1
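
Review bot: The added sentence "Please read and follow the policies of linux-distros as specified in the linux-distros wiki page before reporting" never says that those policies differ from the kernel security team's own, although the commit message gives that as the purpose of the change. A reporter reading only the new Coordination text could still assume that the handling described elsewhere in security-bugs.rst carries over to linux-distros. Consider adding one sentence after the URL stating that the linux-distros policies are separate from, and not the same as, those of the kernel security team, without restating their details. A smaller point in the same paragraph: the "[vs]" Subject prefix reminder is kept while the link no longer points at the "how-to-use-the-lists" anchor, so the text restates one linux-distros rule that can go stale and sends the reader to the top of the wiki page to find it. Either drop the "[vs]" sentence in line with the v2 goal of removing explanations of linux-distros policies, or keep the anchored link for it.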