On 23.04.24 00:15, Mauro Carvalho Chehab wrote: >> stable@xxxxxxxxxx is there to route to /dev/null on purpose so that >> developers/maintainers who only want their patches to get picked up when >> they hit Linus's tree, will have happen and not notify anyone else. >> This is especially good when dealing with security-related things as we >> have had MANY people accidentally leak patches way too early by having >> cc: stable@xxxxxxxxxxxxxxx in their signed-off-by areas, and forgetting >> to tell git send-email to suppress cc: when sending them out for >> internal review. > Nice! didn't know about that. On a quick check, the only place at > documentation mentioning it without vger is at checkpatch.rst. > > Perhaps it would make sense to document that as well. Maybe something like the below? Will add that to my next patch set unless I hear complaints. Ciao, Thorsten --- diff --git a/Documentation/process/stable-kernel-rules.rst b/Documentation/process/stable-kernel-rules.rst index 727ad7f758e3e0..5a47ed06081e41 100644 --- a/Documentation/process/stable-kernel-rules.rst +++ b/Documentation/process/stable-kernel-rules.rst @@ -72,6 +72,10 @@ for stable trees, add this tag in the sign-off area:: Cc: stable@xxxxxxxxxxxxxxx +Use ``Cc: stable@xxxxxxxxxx`` instead when fixing an unpublished vulnerability: +it reduces the chance of someone exposing the fix to the public by way of +'git send-email', as mails sent to that address are not delivered anywhere. + Once the patch is mainlined it will be applied to the stable tree without anything else needing to be done by the author or subsystem maintainer.