On 23.04.24 00:15, Mauro Carvalho Chehab wrote:
>> stable@xxxxxxxxxx is there to route to /dev/null on purpose so that
>> developers/maintainers who only want their patches to get picked up when
>> they hit Linus's tree, will have happen and not notify anyone else.
>> This is especially good when dealing with security-related things as we
>> have had MANY people accidentally leak patches way too early by having
>> cc: stable@xxxxxxxxxxxxxxx in their signed-off-by areas, and forgetting
>> to tell git send-email to suppress cc: when sending them out for
>> internal review.
> Nice! didn't know about that. On a quick check, the only place at
> documentation mentioning it without vger is at checkpatch.rst.
>
> Perhaps it would make sense to document that as well.
Maybe something like the below?
Will add that to my next patch set unless I hear complaints.
Ciao, Thorsten
---
diff --git a/Documentation/process/stable-kernel-rules.rst b/Documentation/process/stable-kernel-rules.rst
index 727ad7f758e3e0..5a47ed06081e41 100644
--- a/Documentation/process/stable-kernel-rules.rst
+++ b/Documentation/process/stable-kernel-rules.rst
@@ -72,6 +72,10 @@ for stable trees, add this tag in the sign-off area::
Cc: stable@xxxxxxxxxxxxxxx
+Use ``Cc: stable@xxxxxxxxxx`` instead when fixing an unpublished vulnerability:
+it reduces the chance of someone exposing the fix to the public by way of
+'git send-email', as mails sent to that address are not delivered anywhere.
+
Once the patch is mainlined it will be applied to the stable tree without
anything else needing to be done by the author or subsystem maintainer.
