Date: Sun, 22 Apr 2018 12:00:32 +0200
From: Pavel Machek
To: Linus Torvalds
Cc: Alan Cox, Dave Hansen, Linux Kernel Mailing List, Dan Williams, Thomas Gleixner, Greg Kroah-Hartman, Andrea Arcangeli, Andrew Lutomirski, Kees Cook, Tim Chen, Al Viro, Andrew Morton, "open list:DOCUMENTATION", Jonathan Corbet, Mark Rutland
Subject: Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy
Message-ID: <20180422100032.GA18114@amd>
References: <20180307214624.D4361772@viggo.jf.intel.com> <20180309204526.56301f43@alans-desktop>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi!

On Fri 2018-03-09 13:15:31, Linus Torvalds wrote:
> On Fri, Mar 9, 2018 at 12:45 PM, Alan Cox wrote:
> >
> > If you want to be taken seriously then I think minimum you also need to
> > - Give a GPG key for messages to the list
>
> Oh, I don't want to be taken seriously by people who use gpg
> encrypted email.

Heh. I see that gpg has some usability problems, but we do encrypt our
http connections, and email is at least as sensitive.

> > - State what security is in place (encryption etc) to protect the list
> > itself
>
> That could be stated, but it's worth noting the other rules.
>
> If you have some long corrupt vendor disclosure period and are worried
> about any good guys finding out (the bad guys probably already have
> it), we're not the list for you anyway.
>
> Keep your "we'll keep security problems under wraps so that they can
> be exploited for a long time" emails to yourself, or send them to
> /dev/null.

Umm, they will not send it to /dev/null, as that is not encrypted
:-). I guess I can act as this kind of /dev/null. It might be useful
to note the issues, and for the serious ones notify you a few days before
the "long" embargo is going to expire...

Best regards,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html