On Mon, Apr 29, 2024 at 09:18:29AM +0200, Thorsten Leemhuis wrote: > Document when to use of stable@xxxxxxxxxx instead of > stable@xxxxxxxxxxxxxxx, as the two are easily mixed up and their > difference not explained anywhere[1]. > > Link: https://lore.kernel.org/all/20240422231550.3cf5f723@xxxxxxx/ [1] > Signed-off-by: Thorsten Leemhuis <linux@xxxxxxxxxxxxx> > --- > Documentation/process/stable-kernel-rules.rst | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/Documentation/process/stable-kernel-rules.rst b/Documentation/process/stable-kernel-rules.rst > index b4af627154f1d8..ebf4152659f2d0 100644 > --- a/Documentation/process/stable-kernel-rules.rst > +++ b/Documentation/process/stable-kernel-rules.rst > @@ -72,6 +72,10 @@ for stable trees, add this tag in the sign-off area:: > > Cc: stable@xxxxxxxxxxxxxxx > > +Use ``Cc: stable@xxxxxxxxxx`` instead when fixing unpublished vulnerabilities: > +it reduces the chance of accidentally exposing the fix to the public by way of > +'git send-email', as mails sent to that address are not delivered anywhere. The "fun" part of just saying this is that then it is a huge "signal" to others that "hey, this might be a security fix!" when it lands in Linus's tree. But hey, we do what we can, I know my scripts always use this address just to put a bit more noise into that signal :) That being said, it's good to have this documented now, thanks for it: Reviewed-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
