On 07/10/2023 16:04, Willy Tarreau wrote:
+As such, the kernel security team strongly recommends that reporters of +potential security issues DO NOT contact the "linux-distros" mailing +list BEFORE a fix is accepted by the affected code's maintainers and you
is s/BEFORE/UNTIL/ clearer?
+have read the linux-distros wiki page above and you fully understand the +requirements that doing so will impose on you and the kernel community. +This also means that in general it doesn't make sense to Cc: both lists +at once, except for coordination if a fix remains under embargo. And in +general, please do not Cc: the kernel security list about fixes that +have already been merged.
I was thinking about this Cc: thing and would it make sense to: 1) have LKML and other public vger lists reject messages that include s@k.o or (linux-)distros@ on Cc? The idea being that this is probably a mistake -- I believe it has happened a few times recently by mistake. 2) have (linux-)distros@ reject NEW threads (i.e. no In-Reply-To:) that also include s@k.o on Cc? We could include a nice message explaining why and to please resend when a patch has been developed and/or a disclosure is planned in the next 7 days. I guess the problem with this would be if somebody on s@k.o does a reply-all which would add distros right back in the loop -OR- a patch has already been developed and included. Vegard
