From: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>

Both hardware companies and the kernel community prefer coordinated disclosure to the alternatives. It is also obvious that sitting on ready-to-go mitigations for months is not so nice for kernel maintainers.

I want to ensure that the patched text can not be read as "the kernel does not wait for conference dates". I'm also fairly sure that, so far, we *have* waited for a number of conference dates.

Change the text to make it clear that waiting for conference dates is possible, but keep the grumbling about it being a burden.

While I think this is good for everyone, this patch represents my personal opinion and not that of my employer.

Cc: Jonathan Corbet <corbet@xxxxxxx>
Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Cc: Sasha Levin <sashal@xxxxxxxxxx>
Cc: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: Laura Abbott <labbott@xxxxxxxxxx>
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Cc: Trilok Soni <tsoni@xxxxxxxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Tony Luck <tony.luck@xxxxxxxxx>
Cc: linux-doc@xxxxxxxxxxxxxxx
Cc: linux-kernel@xxxxxxxxxxxxxxx
Acked-by: Dan Williams <dan.j.williams@xxxxxxxxx>
Signed-off-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
--- b/Documentation/process/embargoed-hardware-issues.rst | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff -puN Documentation/process/embargoed-hardware-issues.rst~hw-sec-1 Documentation/process/embargoed-hardware-issues.rst --- a/Documentation/process/embargoed-hardware-issues.rst~hw-sec-1 2019-09-10 08:39:03.879488129 -0700 +++ b/Documentation/process/embargoed-hardware-issues.rst 2019-09-10 08:39:03.883488129 -0700 
@@ -197,10 +197,9 @@ While we understand that hardware securi time, the embargo time should be constrained to the minimum time which is required for all involved parties to develop, test and prepare the mitigations. Extending embargo time artificially to meet conference talk -dates or other non-technical reasons is creating more work and burden for -the involved developers and response teams as the patches need to be kept -up to date in order to follow the ongoing upstream kernel development, -which might create conflicting changes. +dates or other non-technical reasons is possible, but not preferred. These +artificial extensions burden the response team with constant maintenance +updating mitigations to follow upstream kernel development. CVE assignment """""""""""""" _
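
Review bot: In the added sentence beginning "These artificial extensions burden the response team", the replacement narrows who carries the cost and drops the reason for it. The removed lines named "the involved developers and response teams" and explained that patches must be kept up to date because upstream development "might create conflicting changes"; the new text names only "the response team" and no longer says why the maintenance is needed. Suggest keeping the developers in, for example "burden the involved developers and the response team", and retaining a short mention of conflicting upstream changes so the cost stays concrete for a vendor reading this document. The phrase "constant maintenance updating mitigations" also parses awkwardly; something like "who must constantly update mitigations to follow upstream kernel development" reads more cleanly. Separately, "possible, but not preferred" now follows directly after "the embargo time should be constrained to the minimum time which is required", so it would help to state who agrees to such an extension, otherwise the two sentences pull in different directions.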