Received: by 10.223.185.111 with SMTP id b44csp763981wrg;
        Fri, 9 Mar 2018 13:16:39 -0800 (PST)
X-Google-Smtp-Source: AG47ELtTH16sVy4Ff1fpTTc5GXoCG6ubyO8UjFNcPszZNRbo3EXQe9zxvmpZ+XITqTxvLOHM7X3G
X-Received: by 10.99.181.94 with SMTP id u30mr25540427pgo.205.1520630199520;
        Fri, 09 Mar 2018 13:16:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1520630199; cv=none;
        d=google.com; s=arc-20160816;
        b=Ut9EqbZzyGwOGiG9+O8RJbMtEyZj2JzaCi+U/hI+ZcFQQTFZxHBSzCyddD+339k9go
         9vIjDzVvBGM14js/R4p/HdzF4q7fcQla9GlVsQqsEoxqp0XlgzZf+dh9UkOOay/AtqcB
         OroYINQumUfvSH4tUAjsXsgBdePG0mSItjEb87StjB/LqayQ8hOgFHiAcRL8T3i9jyUA
         wuuHXQrrazGZufr/cfiANJ+hLzhP4V7AyEfA63iYRXOH+UJLXxREs4l63TPCMCPr4oP5
         zQX7TruZH8hOUuOd1cvSjWpH2ZG5/3lkR4LO77YcyMxfAdkypQcj7/PK3S4Ciz0WWL3N
         YnyQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature:dkim-signature
         :arc-authentication-results;
        bh=4ZjmX0TK1ENqLidS6E/rBXdBjtyJFf2GLte8k5P5JJE=;
        b=UaVVX0W7kjXjBB5bwnx08njrTQrnhyLCcxpfgHs6yOEokEtfyjFHIVoQundsumtYa1
         P9ie/r80x0iaEoH8Ixv1Z/IsQLAthUjiW1AqYnU6nD/CwE1ia889AZ7SG00AAqCOuqJB
         2aCiCb8rXGGRrIU1mX7RCpqGyAn+fEtmbty4xttXpbPEvKhmMe6cDbCmvtabLU5vw+HV
         pZ1umiwgdkYD3R+Y6PMnnJdfqRyFPg1MYeWIBLcRqNt393XIdIeA7MfoaSat13qr3o9c
         Dc0kBWzCSlzlMVSSU7h7ts/Q1TEkzt5PFsx3WuYyoorL8yxkizgzHVNmLOQYPwLUXGCc
         imhQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=MF3hvXOU;
       dkim=fail header.i=@linux-foundation.org header.s=google header.b=J069GZjP;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 1-v6si1471915ply.22.2018.03.09.13.16.24;
        Fri, 09 Mar 2018 13:16:39 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=MF3hvXOU;
       dkim=fail header.i=@linux-foundation.org header.s=google header.b=J069GZjP;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932589AbeCIVPe (ORCPT <rfc822;kernelgary@gmail.com> + 99 others);
        Fri, 9 Mar 2018 16:15:34 -0500
Received: from mail-it0-f54.google.com ([209.85.214.54]:55708 "EHLO
        mail-it0-f54.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S932157AbeCIVPc (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 9 Mar 2018 16:15:32 -0500
Received: by mail-it0-f54.google.com with SMTP id n136so4303833itg.5;
        Fri, 09 Mar 2018 13:15:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=4ZjmX0TK1ENqLidS6E/rBXdBjtyJFf2GLte8k5P5JJE=;
        b=MF3hvXOUhddxnnY3lflPbfYrz9sY2lQ0LD+PYGoKdvW+M5KAwHAibKzt8iBWhkI3g/
         CFAzF+uehTt0ZgbB3VydlE3paY52tsvxt+NNv7Tw29/CAZ/3FiLKsnV37IA94Lex2W/B
         d2Awj28wLGrVjVYa3C6Ow+70ku0PZlU++kbvTJYQmIS7OBN2GvFNkETtKdUfxSO5GjnJ
         FrYjaHL/PLtWExouPug8Zzj0BKCamyxfpPbC8X/IOna7bxgrXj/jyhmju0VMaImzoEYt
         b9uQYVwFzc+fNbVJcxJGlBm9fYRofX0OudVi6vmn/9Y4RbITy6FaOLUBw0u7loh/rw7A
         OHAw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linux-foundation.org; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=4ZjmX0TK1ENqLidS6E/rBXdBjtyJFf2GLte8k5P5JJE=;
        b=J069GZjPFFz8KkQP1e0Vp4g3y9VwnhvN0S54fBh3jhxkXx6pjFlfFIVcjlI6e7Dpmc
         UpzXeivWJC6SjTqk8u387sR0MYSme1tVoUanRranPWCBt1Ny1FCDQOtH/PfOdf3z6mlT
         NKQypkQ6HCPAphT0e/4HQZ3NYUmP0eg/+zwM0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=4ZjmX0TK1ENqLidS6E/rBXdBjtyJFf2GLte8k5P5JJE=;
        b=Ceg6/BCf95tP+oCCjBqSx7kQYvXpY5Lv4tUH9oTBXsDSrdCqesWkfSgpuJVqwhHYBn
         ltyJK6YIIYVPT6SdoFX5lWSQOIeK5ZOd/9CBHpJ4UB4fpAfJRaozc1Gpnot2RdlS1ylZ
         YxcJkBNT4RkIpLun/6KGV0LhS9dBM8NNM7gGIVvmEEWCIyZc2iFIIuz7N+y2cTAU5AF+
         D7RRFZoXoK3xwPkhe0LnpmsoiXfUVyV38TrVF7B+1Mn5/ODZftTcAxxzrSVvI6nAzNcJ
         C+HtTgkgqcfqPhNiQcSMvXHkLo0SAzkmvMrIxIPZeK16x2dHcILENjXtS+dUSGqAx/GG
         p1pg==
X-Gm-Message-State: AElRT7EbraRdbryxSD6GydEW9BvcqzGxNmx0hvTwWB6cZE9J22Jb2CZ+
        HrcezpYOn9hAAxjk2TLNA3/QHLvHTKA1tDvQJ64=
X-Received: by 2002:a24:87c3:: with SMTP id f186-v6mr401487ite.100.1520630131676;
 Fri, 09 Mar 2018 13:15:31 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.135.221 with HTTP; Fri, 9 Mar 2018 13:15:31 -0800 (PST)
In-Reply-To: <20180309204526.56301f43@alans-desktop>
References: <20180307214624.D4361772@viggo.jf.intel.com> <20180309204526.56301f43@alans-desktop>
From:   Linus Torvalds <torvalds@linux-foundation.org>
Date:   Fri, 9 Mar 2018 13:15:31 -0800
X-Google-Sender-Auth: Nd8ovk0cP8IJpxiYL-sUbOo-_Gk
Message-ID: <CA+55aFw5+KjVqKUpAMF+-BfE6NuXSNb8qdRtmAWDq6apK2v+sA@mail.gmail.com>
Subject: Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy
To:     Alan Cox <gnomes@lxorguk.ukuu.org.uk>
Cc:     Dave Hansen <dave.hansen@linux.intel.com>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Dan Williams <dan.j.williams@intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Andrea Arcangeli <aarcange@redhat.com>,
        Andrew Lutomirski <luto@kernel.org>,
        Kees Cook <keescook@google.com>,
        Tim Chen <tim.c.chen@linux.intel.com>,
        Al Viro <viro@zeniv.linux.org.uk>,
        Andrew Morton <akpm@linux-foundation.org>,
        "open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
        Jonathan Corbet <corbet@lwn.net>,
        Mark Rutland <mark.rutland@arm.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Mar 9, 2018 at 12:45 PM, Alan Cox <gnomes@lxorguk.ukuu.org.uk> wrote:
>
> If you want to be taken seriously then I think minimum you also need to
> - Give a GPG key for messages to the list

Oh, I don't want to be taken seriously by people who use gpg encrypted email.

It's garbage and should be shunned as such.

I keep quoting this:

   https://motherboard.vice.com/en_us/article/vvbw9a/even-the-inventor-of-pgp-doesnt-use-pgp

and anybody who thinks pgp encrypted email is fine is a clown.

> - State what security is in place (encryption etc) to protect the list
>   itself

That could be stated, but it's worth noting the other rules.

If you have some long corrupt vendor disclosure period and are worried
about any good guys finding out (the bad guys probably already have
it), we're not the list for you anyway.

Keep your "we'll keep security problems under wraps so that they can
be exploited for a long time" emails to yourself, or send them to
/dev/null.

                   Linus