On Tue, Aug 20, 2019 at 09:58:50AM -0500, Josh Poimboeuf wrote: > On Thu, Aug 15, 2019 at 11:25:05PM +0200, Greg Kroah-Hartman wrote: > > +Contact > > +------- > > + > > +The Linux kernel hardware security team is separate from the regular Linux > > +kernel security team. > > + > > +The team only handles the coordination of embargoed hardware security > > +issues. Reports of pure software security bugs in the Linux kernel are not > > +handled by this team and the reporter will be guided to contact the regular > > +Linux kernel security team (:ref:`Documentation/admin-guide/ > > +<securitybugs>`) instead. > > + > > +The team can be contacted by email at <hardware-security@xxxxxxxxxx>. This > > +is a private list of security officers who will help you to coordinate an > > +issue according to our documented process. > > + > > +The list is encrypted and email to the list can be sent by either PGP or > > +S/MIME encrypted and must be signed with the reporter's PGP key or S/MIME > > +certificate. The list's PGP key and S/MIME certificate are available from > > +https://www.kernel.org/.... > > This link needs to be filled in? > > > +Encrypted mailing-lists > > +----------------------- > > + > > +We use encrypted mailing-lists for communication. The operating principle > > +of these lists is that email sent to the list is encrypted either with the > > +list's PGP key or with the list's S/MIME certificate. The mailing-list > > +software decrypts the email and re-encrypts it individually for each > > +subscriber with the subscriber's PGP key or S/MIME certificate. Details > > +about the mailing-list software and the setup which is used to ensure the > > +security of the lists and protection of the data can be found here: > > +https://www.kernel.org/.... > > Ditto? Yes, they will once the links are up and running :) thanks, greg k-h
