On Thu, Jul 09, 2020 at 11:11:30AM -0700, Kees Cook wrote: > The security contact list gets regular reports contained in archive > attachments. This tends to add some back-and-forth delay in dealing with > security reports since we have to ask for plain text, etc. > > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> > --- > Documentation/admin-guide/security-bugs.rst | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/Documentation/admin-guide/security-bugs.rst b/Documentation/admin-guide/security-bugs.rst > index dcd6c93c7aac..c32eb786201c 100644 > --- a/Documentation/admin-guide/security-bugs.rst > +++ b/Documentation/admin-guide/security-bugs.rst > @@ -21,11 +21,18 @@ understand and fix the security vulnerability. > > As it is with any bug, the more information provided the easier it > will be to diagnose and fix. Please review the procedure outlined in > -admin-guide/reporting-bugs.rst if you are unclear about what > +:doc:`reporting-bugs` if you are unclear about what I can do 'gf' on Documentation/admin-guide/reporting-bugs.rst, I can do diddly squat with crap like :doc:'reporting-bugs'. NAK > information is helpful. Any exploit code is very helpful and will not > be released without consent from the reporter unless it has already been > made public. > > +Please send plain text emails without attachments where possible. > +It is much harder to have a context-quoted discussion about a complex > +issue if all the details are hidden away in attachments. Think of it like a > +:doc:`regular patch submission <../process/submitting-patches>` More unusable references. > +(even if you don't have a patch yet): describe the problem and impact, list > +reproduction steps, and follow it with a proposed fix, all in plain text. > + You forgot to mention that opening complex file formats is a security risk all of its own.
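Review bot: In the added paragraph, "and follow it with a proposed fix" reads as a requirement, which conflicts with the parenthetical "(even if you don't have a patch yet)" one line above it; wording such as "and follow it with a proposed fix if you have one" would remove the contradiction. The first added line says "where possible" but does not say what a reporter should do with material that cannot be inlined as plain text, so the back-and-forth described in the commit message can still occur; one sentence naming the preferred fallback would close that gap. The paragraph also gives only the quoting-convenience reason for avoiding attachments, while the commit message itself names archive attachments as the recurring problem, so stating that reason in the document text would make the request easier for reporters to follow.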