[PATCH 3/4] Documentation/process: soften language around conference talk dates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>

Both hardware companies and the kernel community prefer coordinated
disclosure to the alternatives.  It is also obvious that sitting on
ready-to-go mitigations for months is not so nice for kernel
maintainers.

I want to ensure that the patched text can not be read as "the kernel
does not wait for conference dates".  I'm also fairly sure that, so
far, we *have* waited for a number of conference dates.

Change the text to make it clear that waiting for conference dates
is possible, but keep the grumbling about it being a burden.

While I think this is good for everyone, this patch represents my
personal opinion and not that of my employer.

Cc: Jonathan Corbet <corbet@xxxxxxx>
Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Cc: Sasha Levin <sashal@xxxxxxxxxx>
Cc: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: Laura Abbott <labbott@xxxxxxxxxx>
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Cc: Trilok Soni <tsoni@xxxxxxxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Tony Luck <tony.luck@xxxxxxxxx>
Cc: linux-doc@xxxxxxxxxxxxxxx
Cc: linux-kernel@xxxxxxxxxxxxxxx
Acked-by: Dan Williams <dan.j.williams@xxxxxxxxx>
Signed-off-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
---

 b/Documentation/process/embargoed-hardware-issues.rst |    7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff -puN Documentation/process/embargoed-hardware-issues.rst~hw-sec-1 Documentation/process/embargoed-hardware-issues.rst
--- a/Documentation/process/embargoed-hardware-issues.rst~hw-sec-1	2019-09-10 08:39:03.879488129 -0700
+++ b/Documentation/process/embargoed-hardware-issues.rst	2019-09-10 08:39:03.883488129 -0700
@@ -197,10 +197,9 @@ While we understand that hardware securi
 time, the embargo time should be constrained to the minimum time which is
 required for all involved parties to develop, test and prepare the
 mitigations. Extending embargo time artificially to meet conference talk
-dates or other non-technical reasons is creating more work and burden for
-the involved developers and response teams as the patches need to be kept
-up to date in order to follow the ongoing upstream kernel development,
-which might create conflicting changes.
+dates or other non-technical reasons is possible, but not preferred. These
+artificial extensions burden the response team with constant maintenance
+updating mitigations to follow upstream kernel development.
 
 CVE assignment
 """"""""""""""
_



[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux