Message-ID: <41E2C820.3060204@tuleriit.ee>
Date: Mon, 10 Jan 2005 20:23:28 +0200
From: Indrek Kruusa <indrek.kruusa@tuleriit.ee>
Reply-To: indrek.kruusa@tuleriit.ee
User-Agent: Mozilla Thunderbird 0.8 (X11/20040923)
MIME-Version: 1.0
To: Steve Bergman <steve@rueb.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Proper procedure for reporting possible security vulnerabilities?
References: <41E2B181.3060009@rueb.com>
In-Reply-To: <41E2B181.3060009@rueb.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1160
Lines: 27

Steve Bergman wrote:

> There seems to be some confusion in certain quarters as to the proper 
> procedure for reporting possible kernel security issues.   
> REPORTING-BUGS says send bug reports to the maintainer of that area of 
> the kernel.


Unfortunately my english is not on a par with this but this document 
*needs* updating at every corner and after that the direct hyperlink to 
this document on the kernel.org should be placed above links of the 
kernel source (currently it is somewhere at the middle of the page). And 
the note "please read before using vanilla kernel" should be in red. It 
*seems* to me that there is a big cap between reality and this 
document/common sense (in the days of heavily patched kernels and 2.6 
devel. model). There should be several separate parts in this document: 
for kernel developers, for distro makers, for "smart" users, for 
"enthusiasts"....

regards,
Indrek

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/