2024-06-10 00:36:35

by Dongliang Mu

[permalink] [raw]
Subject: [PATCH v2] docs/zh_CN: update the translation of security-bugs

Update to commit 5928d411557e ("Documentation: Document the Linux Kernel
CVE process")

commit 0217f3944aeb ("Documentation: security-bugs.rst: linux-distros
relaxed their rules")
commit 3c1897ae4b6b ("Documentation: security-bugs.rst: clarify CVE
handling")
commit 4fee0915e649 ("Documentation: security-bugs.rst: update
preferences when dealing with the linux-distros group")
commit 44ac5abac86b ("Documentation/security-bugs: move from admin-guide/
to process/")

Signed-off-by: Dongliang Mu <[email protected]>
---
v1->v2: remove admin-guide/security-bugs, and revise all its references
.../translations/zh_CN/admin-guide/index.rst | 1 -
.../zh_CN/admin-guide/reporting-issues.rst | 4 +-
.../translations/zh_CN/process/index.rst | 3 +-
.../security-bugs.rst | 42 ++++++++++++-------
.../zh_CN/process/submitting-patches.rst | 2 +-
5 files changed, 31 insertions(+), 21 deletions(-)
rename Documentation/translations/zh_CN/{admin-guide => process}/security-bugs.rst (57%)

diff --git a/Documentation/translations/zh_CN/admin-guide/index.rst b/Documentation/translations/zh_CN/admin-guide/index.rst
index ac2960da33e6..773c53956000 100644
--- a/Documentation/translations/zh_CN/admin-guide/index.rst
+++ b/Documentation/translations/zh_CN/admin-guide/index.rst
@@ -37,7 +37,6 @@ Todolist:

reporting-issues
reporting-regressions
- security-bugs
bug-hunting
bug-bisect
tainted-kernels
diff --git a/Documentation/translations/zh_CN/admin-guide/reporting-issues.rst b/Documentation/translations/zh_CN/admin-guide/reporting-issues.rst
index 59e51e3539b4..9ff4ba94391d 100644
--- a/Documentation/translations/zh_CN/admin-guide/reporting-issues.rst
+++ b/Documentation/translations/zh_CN/admin-guide/reporting-issues.rst
@@ -300,7 +300,7 @@ Documentation/admin-guide/reporting-regressions.rst 对此进行了更详细的
添加到回归跟踪列表中,以确保它不会被忽略。

什么是安全问题留给您自己判断。在继续之前,请考虑阅读
-Documentation/translations/zh_CN/admin-guide/security-bugs.rst ,
+Documentation/translations/zh_CN/process/security-bugs.rst ,
因为它提供了如何最恰当地处理安全问题的额外细节。

当发生了完全无法接受的糟糕事情时,此问题就是一个“非常严重的问题”。例如,
@@ -983,7 +983,7 @@ Documentation/admin-guide/reporting-regressions.rst ;它还提供了大量其
报告,请将报告的文本转发到这些地址;但请在报告的顶部加上注释,表明您提交了
报告,并附上工单链接。

-更多信息请参见 Documentation/translations/zh_CN/admin-guide/security-bugs.rst 。
+更多信息请参见 Documentation/translations/zh_CN/process/security-bugs.rst 。


发布报告后的责任
diff --git a/Documentation/translations/zh_CN/process/index.rst b/Documentation/translations/zh_CN/process/index.rst
index 5c6c8ccdd50d..011dc2cf583a 100644
--- a/Documentation/translations/zh_CN/process/index.rst
+++ b/Documentation/translations/zh_CN/process/index.rst
@@ -49,10 +49,11 @@ TODOLIST:

embargoed-hardware-issues
cve
+ security-bugs

TODOLIST:

-* security-bugs
+* handling-regressions

其它大多数开发人员感兴趣的社区指南:

diff --git a/Documentation/translations/zh_CN/admin-guide/security-bugs.rst b/Documentation/translations/zh_CN/process/security-bugs.rst
similarity index 57%
rename from Documentation/translations/zh_CN/admin-guide/security-bugs.rst
rename to Documentation/translations/zh_CN/process/security-bugs.rst
index d6b8f8a4e7f6..a8f5fcbfadc9 100644
--- a/Documentation/translations/zh_CN/admin-guide/security-bugs.rst
+++ b/Documentation/translations/zh_CN/process/security-bugs.rst
@@ -1,3 +1,5 @@
+.. SPDX-License-Identifier: GPL-2.0-or-later
+
.. include:: ../disclaimer-zh_CN.rst

:Original: :doc:`../../../process/security-bugs`
@@ -5,6 +7,7 @@
:译者:

吴想成 Wu XiangCheng <[email protected]>
+ 慕冬亮 Dongliang Mu <[email protected]>

安全缺陷
=========
@@ -17,13 +20,13 @@ Linux内核开发人员非常重视安全性。因此我们想知道何时发现

可以通过电子邮件<[email protected]>联系Linux内核安全团队。这是一个安全人员
的私有列表,他们将帮助验证错误报告并开发和发布修复程序。如果您已经有了一个
-修复,请将其包含在您的报告中,这样可以大大加快进程。安全团队可能会从区域维护
+修复,请将其包含在您的报告中,这样可以大大加快处理进程。安全团队可能会从区域维护
人员那里获得额外的帮助,以理解和修复安全漏洞。

与任何缺陷一样,提供的信息越多,诊断和修复就越容易。如果您不清楚哪些信息有用,
请查看“Documentation/translations/zh_CN/admin-guide/reporting-issues.rst”中
-概述的步骤。任何利用漏洞的攻击代码都非常有用,未经报告者同意不会对外发布,除
-非已经公开。
+概述的步骤。任何利用漏洞的攻击代码都非常有用,未经报告者同意不会对外发布,
+除非已经公开。

请尽可能发送无附件的纯文本电子邮件。如果所有的细节都藏在附件里,那么就很难对
一个复杂的问题进行上下文引用的讨论。把它想象成一个
@@ -49,24 +52,31 @@ Linux内核开发人员非常重视安全性。因此我们想知道何时发现
换句话说,我们唯一感兴趣的是修复缺陷。提交给安全列表的所有其他资料以及对报告
的任何后续讨论,即使在解除限制之后,也将永久保密。

-协调
-------
+与其他团队协调
+--------------
+
+虽然内核安全团队仅关注修复漏洞,但还有其他组织关注修复发行版上的安全问题以及协调
+操作系统厂商的漏洞披露。协调通常由 "linux-distros" 邮件列表处理,而披露则由
+公共 "oss-security" 邮件列表进行。两者紧密关联且被展示在 linux-distros 维基:
+<https://oss-security.openwall.org/wiki/mailing-lists/distros>
+
+请注意,这三个列表的各自政策和规则是不同的,因为它们追求不同的目标。内核安全团队
+与其他团队之间的协调很困难,因为对于内核安全团队,保密期(即最大允许天数)是从补丁
+可用时开始,而 "linux-distros" 则从首次发布到列表时开始计算,无论是否存在补丁。

-对敏感缺陷(例如那些可能导致权限提升的缺陷)的修复可能需要与私有邮件列表
-<[email protected]>进行协调,以便分发供应商做好准备,在公开披露
-上游补丁时发布一个已修复的内核。发行版将需要一些时间来测试建议的补丁,通常
-会要求至少几天的限制,而供应商更新发布更倾向于周二至周四。若合适,安全团队
-可以协助这种协调,或者报告者可以从一开始就包括linux发行版。在这种情况下,请
-记住在电子邮件主题行前面加上“[vs]”,如linux发行版wiki中所述:
-<http://oss-security.openwall.org/wiki/mailing-lists/distros#how-to-use-the-lists>。
+因此,内核安全团队强烈建议,作为一位潜在安全问题的报告者,在受影响代码的维护者
+接受补丁之前,且在您阅读上述发行版维基页面并完全理解联系 "linux-distros"
+邮件列表会对您和内核社区施加的要求之前,不要联系 "linux-distros" 邮件列表。
+这也意味着通常情况下不要同时抄送两个邮件列表,除非在协调时有已接受但尚未合并的补丁。
+换句话说,在补丁被接受之前,不要抄送 "linux-distros";在修复程序被合并之后,
+不要抄送内核安全团队。

CVE分配
--------

-安全团队通常不分配CVE,我们也不需要它们来进行报告或修复,因为这会使过程不必
-要的复杂化,并可能耽误缺陷处理。如果报告者希望在公开披露之前分配一个CVE编号,
-他们需要联系上述的私有linux-distros列表。当在提供补丁之前已有这样的CVE编号时,
-如报告者愿意,最好在提交消息中提及它。
+安全团队不分配 CVE,同时我们也不需要 CVE 来报告或修复漏洞,因为这会使过程不必要
+的复杂化,并可能延误漏洞处理。如果报告者希望为确认的问题分配一个 CVE 编号,
+可以联系 :doc:`内核 CVE 分配团队 <../process/cve>` 获取。

保密协议
---------
diff --git a/Documentation/translations/zh_CN/process/submitting-patches.rst b/Documentation/translations/zh_CN/process/submitting-patches.rst
index 7864107e60a8..7ca16bda3709 100644
--- a/Documentation/translations/zh_CN/process/submitting-patches.rst
+++ b/Documentation/translations/zh_CN/process/submitting-patches.rst
@@ -208,7 +208,7 @@ [email protected] 。他收到的邮件很多,所以一般来说
如果您有修复可利用安全漏洞的补丁,请将该补丁发送到 [email protected] 。对于
严重的bug,可以考虑短期禁令以允许分销商(有时间)向用户发布补丁;在这种情况下,
显然不应将补丁发送到任何公共列表。
-参见 Documentation/translations/zh_CN/admin-guide/security-bugs.rst 。
+参见 Documentation/translations/zh_CN/process/security-bugs.rst 。

修复已发布内核中严重错误的补丁程序应该抄送给稳定版维护人员,方法是把以下列行
放进补丁的签准区(注意,不是电子邮件收件人)::
--
2.34.1



2024-06-10 02:07:10

by kernel test robot

[permalink] [raw]
Subject: Re: [PATCH v2] docs/zh_CN: update the translation of security-bugs

Hi Dongliang,

kernel test robot noticed the following build warnings:

[auto build test WARNING on lwn/docs-next]
[also build test WARNING on linus/master v6.10-rc3 next-20240607]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url: https://github.com/intel-lab-lkp/linux/commits/Dongliang-Mu/docs-zh_CN-update-the-translation-of-security-bugs/20240610-083729
base: git://git.lwn.net/linux.git docs-next
patch link: https://lore.kernel.org/r/20240610003520.33839-1-dzm91%40hust.edu.cn
patch subject: [PATCH v2] docs/zh_CN: update the translation of security-bugs
reproduce: (https://download.01.org/0day-ci/archive/20240610/[email protected]/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <[email protected]>
| Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/

All warnings (new ones prefixed by >>):

Documentation/userspace-api/netlink/netlink-raw.rst: :doc:`rt_link<../../networking/netlink_spec/rt_link>`
Documentation/userspace-api/netlink/netlink-raw.rst: :doc:`tc<../../networking/netlink_spec/tc>`
Documentation/userspace-api/netlink/netlink-raw.rst: :doc:`tc<../../networking/netlink_spec/tc>`
Warning: Documentation/devicetree/bindings/power/wakeup-source.txt references a file that doesn't exist: Documentation/devicetree/bindings/input/qcom,pm8xxx-keypad.txt
Warning: Documentation/devicetree/bindings/regulator/siliconmitus,sm5703-regulator.yaml references a file that doesn't exist: Documentation/devicetree/bindings/mfd/siliconmitus,sm5703.yaml
>> Warning: Documentation/translations/zh_TW/admin-guide/reporting-issues.rst references a file that doesn't exist: Documentation/translations/zh_CN/admin-guide/security-bugs.rst
>> Warning: Documentation/translations/zh_TW/admin-guide/reporting-issues.rst references a file that doesn't exist: Documentation/translations/zh_CN/admin-guide/security-bugs.rst
>> Warning: Documentation/translations/zh_TW/process/submitting-patches.rst references a file that doesn't exist: Documentation/translations/zh_CN/admin-guide/security-bugs.rst
Warning: Documentation/userspace-api/netlink/index.rst references a file that doesn't exist: Documentation/networking/netlink_spec/index.rst
Warning: Documentation/userspace-api/netlink/specs.rst references a file that doesn't exist: Documentation/networking/netlink_spec/index.rst
Warning: MAINTAINERS references a file that doesn't exist: Documentation/devicetree/bindings/reserved-memory/qcom
Warning: MAINTAINERS references a file that doesn't exist: Documentation/devicetree/bindings/display/exynos/
Using alabaster theme

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

2024-06-11 02:07:56

by Dongliang Mu

[permalink] [raw]
Subject: Re: [PATCH v2] docs/zh_CN: update the translation of security-bugs

On Mon, Jun 10, 2024 at 10:07 AM kernel test robot <[email protected]> wrote:
>
> Hi Dongliang,
>
> kernel test robot noticed the following build warnings:
>
> [auto build test WARNING on lwn/docs-next]
> [also build test WARNING on linus/master v6.10-rc3 next-20240607]
> [If your patch is applied to the wrong git tree, kindly drop us a note.
> And when submitting patch, we suggest to use '--base' as documented in
> https://git-scm.com/docs/git-format-patch#_base_tree_information]
>
> url: https://github.com/intel-lab-lkp/linux/commits/Dongliang-Mu/docs-zh_CN-update-the-translation-of-security-bugs/20240610-083729
> base: git://git.lwn.net/linux.git docs-next
> patch link: https://lore.kernel.org/r/20240610003520.33839-1-dzm91%40hust.edu.cn
> patch subject: [PATCH v2] docs/zh_CN: update the translation of security-bugs
> reproduce: (https://download.01.org/0day-ci/archive/20240610/[email protected]/reproduce)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <[email protected]>
> | Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
>
> All warnings (new ones prefixed by >>):
>
> Documentation/userspace-api/netlink/netlink-raw.rst: :doc:`rt_link<../../networking/netlink_spec/rt_link>`
> Documentation/userspace-api/netlink/netlink-raw.rst: :doc:`tc<../../networking/netlink_spec/tc>`
> Documentation/userspace-api/netlink/netlink-raw.rst: :doc:`tc<../../networking/netlink_spec/tc>`
> Warning: Documentation/devicetree/bindings/power/wakeup-source.txt references a file that doesn't exist: Documentation/devicetree/bindings/input/qcom,pm8xxx-keypad.txt
> Warning: Documentation/devicetree/bindings/regulator/siliconmitus,sm5703-regulator.yaml references a file that doesn't exist: Documentation/devicetree/bindings/mfd/siliconmitus,sm5703.yaml
> >> Warning: Documentation/translations/zh_TW/admin-guide/reporting-issues.rst references a file that doesn't exist: Documentation/translations/zh_CN/admin-guide/security-bugs.rst
> >> Warning: Documentation/translations/zh_TW/admin-guide/reporting-issues.rst references a file that doesn't exist: Documentation/translations/zh_CN/admin-guide/security-bugs.rst
> >> Warning: Documentation/translations/zh_TW/process/submitting-patches.rst references a file that doesn't exist: Documentation/translations/zh_CN/admin-guide/security-bugs.rst

Thanks for the report. I've sent a v3 patch with this issue fixed.

> Warning: Documentation/userspace-api/netlink/index.rst references a file that doesn't exist: Documentation/networking/netlink_spec/index.rst
> Warning: Documentation/userspace-api/netlink/specs.rst references a file that doesn't exist: Documentation/networking/netlink_spec/index.rst
> Warning: MAINTAINERS references a file that doesn't exist: Documentation/devicetree/bindings/reserved-memory/qcom
> Warning: MAINTAINERS references a file that doesn't exist: Documentation/devicetree/bindings/display/exynos/
> Using alabaster theme
>
> --
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
>