Received: by 10.223.185.111 with SMTP id b44csp763981wrg; Fri, 9 Mar 2018 13:16:39 -0800 (PST) X-Google-Smtp-Source: AG47ELtTH16sVy4Ff1fpTTc5GXoCG6ubyO8UjFNcPszZNRbo3EXQe9zxvmpZ+XITqTxvLOHM7X3G X-Received: by 10.99.181.94 with SMTP id u30mr25540427pgo.205.1520630199520; Fri, 09 Mar 2018 13:16:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520630199; cv=none; d=google.com; s=arc-20160816; b=Ut9EqbZzyGwOGiG9+O8RJbMtEyZj2JzaCi+U/hI+ZcFQQTFZxHBSzCyddD+339k9go 9vIjDzVvBGM14js/R4p/HdzF4q7fcQla9GlVsQqsEoxqp0XlgzZf+dh9UkOOay/AtqcB OroYINQumUfvSH4tUAjsXsgBdePG0mSItjEb87StjB/LqayQ8hOgFHiAcRL8T3i9jyUA wuuHXQrrazGZufr/cfiANJ+hLzhP4V7AyEfA63iYRXOH+UJLXxREs4l63TPCMCPr4oP5 zQX7TruZH8hOUuOd1cvSjWpH2ZG5/3lkR4LO77YcyMxfAdkypQcj7/PK3S4Ciz0WWL3N YnyQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=4ZjmX0TK1ENqLidS6E/rBXdBjtyJFf2GLte8k5P5JJE=; b=UaVVX0W7kjXjBB5bwnx08njrTQrnhyLCcxpfgHs6yOEokEtfyjFHIVoQundsumtYa1 P9ie/r80x0iaEoH8Ixv1Z/IsQLAthUjiW1AqYnU6nD/CwE1ia889AZ7SG00AAqCOuqJB 2aCiCb8rXGGRrIU1mX7RCpqGyAn+fEtmbty4xttXpbPEvKhmMe6cDbCmvtabLU5vw+HV pZ1umiwgdkYD3R+Y6PMnnJdfqRyFPg1MYeWIBLcRqNt393XIdIeA7MfoaSat13qr3o9c Dc0kBWzCSlzlMVSSU7h7ts/Q1TEkzt5PFsx3WuYyoorL8yxkizgzHVNmLOQYPwLUXGCc imhQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=MF3hvXOU; dkim=fail header.i=@linux-foundation.org header.s=google header.b=J069GZjP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 1-v6si1471915ply.22.2018.03.09.13.16.24; Fri, 09 Mar 2018 13:16:39 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=MF3hvXOU; dkim=fail header.i=@linux-foundation.org header.s=google header.b=J069GZjP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932589AbeCIVPe (ORCPT + 99 others); Fri, 9 Mar 2018 16:15:34 -0500 Received: from mail-it0-f54.google.com ([209.85.214.54]:55708 "EHLO mail-it0-f54.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932157AbeCIVPc (ORCPT ); Fri, 9 Mar 2018 16:15:32 -0500 Received: by mail-it0-f54.google.com with SMTP id n136so4303833itg.5; Fri, 09 Mar 2018 13:15:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=4ZjmX0TK1ENqLidS6E/rBXdBjtyJFf2GLte8k5P5JJE=; b=MF3hvXOUhddxnnY3lflPbfYrz9sY2lQ0LD+PYGoKdvW+M5KAwHAibKzt8iBWhkI3g/ CFAzF+uehTt0ZgbB3VydlE3paY52tsvxt+NNv7Tw29/CAZ/3FiLKsnV37IA94Lex2W/B d2Awj28wLGrVjVYa3C6Ow+70ku0PZlU++kbvTJYQmIS7OBN2GvFNkETtKdUfxSO5GjnJ FrYjaHL/PLtWExouPug8Zzj0BKCamyxfpPbC8X/IOna7bxgrXj/jyhmju0VMaImzoEYt b9uQYVwFzc+fNbVJcxJGlBm9fYRofX0OudVi6vmn/9Y4RbITy6FaOLUBw0u7loh/rw7A OHAw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=4ZjmX0TK1ENqLidS6E/rBXdBjtyJFf2GLte8k5P5JJE=; b=J069GZjPFFz8KkQP1e0Vp4g3y9VwnhvN0S54fBh3jhxkXx6pjFlfFIVcjlI6e7Dpmc UpzXeivWJC6SjTqk8u387sR0MYSme1tVoUanRranPWCBt1Ny1FCDQOtH/PfOdf3z6mlT NKQypkQ6HCPAphT0e/4HQZ3NYUmP0eg/+zwM0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=4ZjmX0TK1ENqLidS6E/rBXdBjtyJFf2GLte8k5P5JJE=; b=Ceg6/BCf95tP+oCCjBqSx7kQYvXpY5Lv4tUH9oTBXsDSrdCqesWkfSgpuJVqwhHYBn ltyJK6YIIYVPT6SdoFX5lWSQOIeK5ZOd/9CBHpJ4UB4fpAfJRaozc1Gpnot2RdlS1ylZ YxcJkBNT4RkIpLun/6KGV0LhS9dBM8NNM7gGIVvmEEWCIyZc2iFIIuz7N+y2cTAU5AF+ D7RRFZoXoK3xwPkhe0LnpmsoiXfUVyV38TrVF7B+1Mn5/ODZftTcAxxzrSVvI6nAzNcJ C+HtTgkgqcfqPhNiQcSMvXHkLo0SAzkmvMrIxIPZeK16x2dHcILENjXtS+dUSGqAx/GG p1pg== X-Gm-Message-State: AElRT7EbraRdbryxSD6GydEW9BvcqzGxNmx0hvTwWB6cZE9J22Jb2CZ+ HrcezpYOn9hAAxjk2TLNA3/QHLvHTKA1tDvQJ64= X-Received: by 2002:a24:87c3:: with SMTP id f186-v6mr401487ite.100.1520630131676; Fri, 09 Mar 2018 13:15:31 -0800 (PST) MIME-Version: 1.0 Received: by 10.107.135.221 with HTTP; Fri, 9 Mar 2018 13:15:31 -0800 (PST) In-Reply-To: <20180309204526.56301f43@alans-desktop> References: <20180307214624.D4361772@viggo.jf.intel.com> <20180309204526.56301f43@alans-desktop> From: Linus Torvalds Date: Fri, 9 Mar 2018 13:15:31 -0800 X-Google-Sender-Auth: Nd8ovk0cP8IJpxiYL-sUbOo-_Gk Message-ID: Subject: Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy To: Alan Cox Cc: Dave Hansen , Linux Kernel Mailing List , Dan Williams , Thomas Gleixner , Greg Kroah-Hartman , Andrea Arcangeli , Andrew Lutomirski , Kees Cook , Tim Chen , Al Viro , Andrew Morton , "open list:DOCUMENTATION" , Jonathan Corbet , Mark Rutland Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Mar 9, 2018 at 12:45 PM, Alan Cox wrote: > > If you want to be taken seriously then I think minimum you also need to > - Give a GPG key for messages to the list Oh, I don't want to be taken seriously by people who use gpg encrypted email. It's garbage and should be shunned as such. I keep quoting this: https://motherboard.vice.com/en_us/article/vvbw9a/even-the-inventor-of-pgp-doesnt-use-pgp and anybody who thinks pgp encrypted email is fine is a clown. > - State what security is in place (encryption etc) to protect the list > itself That could be stated, but it's worth noting the other rules. If you have some long corrupt vendor disclosure period and are worried about any good guys finding out (the bad guys probably already have it), we're not the list for you anyway. Keep your "we'll keep security problems under wraps so that they can be exploited for a long time" emails to yourself, or send them to /dev/null. Linus