Return-Path: <linux-kernel-owner+willy=40w.ods.org-S262910AbVAQW7q@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S262910AbVAQW7q (ORCPT <rfc822;willy@w.ods.org>);
	Mon, 17 Jan 2005 17:59:46 -0500
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261535AbVAQW5x
	(ORCPT <rfc822;linux-kernel-outgoing>);
	Mon, 17 Jan 2005 17:57:53 -0500
Received: from fw.osdl.org ([65.172.181.6]:24813 "EHLO mail.osdl.org")
	by vger.kernel.org with ESMTP id S261530AbVAQWwU (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 17 Jan 2005 17:52:20 -0500
Date: Mon, 17 Jan 2005 14:52:16 -0800
From: Chris Wright <chrisw@osdl.org>
To: Werner Almesberger <wa@almesberger.net>
Cc: Chris Wright <chrisw@osdl.org>, Jesper Juhl <juhl-lkml@dif.dk>,
       Alan Cox <alan@lxorguk.ukuu.org.uk>, Steve Bergman <steve@rueb.com>,
       Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: Proper procedure for reporting possible security vulnerabilities?
Message-ID: <20050117145216.J24171@build.pdx.osdl.net>
References: <41E2B181.3060009@rueb.com> <87d5wdhsxo.fsf@deneb.enyo.de> <41E2F6B3.9060008@rueb.com> <Pine.LNX.4.61.0501102309270.2987@dragon.hygekrogen.localhost> <20050110164001.Q469@build.pdx.osdl.net> <Pine.LNX.4.61.0501111758290.3368@dragon.hygekrogen.localhost> <1105461562.16168.46.camel@localhost.localdomain> <Pine.LNX.4.61.0501111854120.3368@dragon.hygekrogen.localhost> <20050111132905.N10567@build.pdx.osdl.net> <20050117194919.A14107@almesberger.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20050117194919.A14107@almesberger.net>; from wa@almesberger.net on Mon, Jan 17, 2005 at 07:49:19PM -0300
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1127
Lines: 31

* Werner Almesberger (wa@almesberger.net) wrote:
> Chris Wright wrote:
> > +SECURITY CONTACT
> > +P:	Security Officers
> > +M:	kernel-security@{osdl.org, vger.kernel.org, wherever}
> > +S:	Supported
> 
> If you mean this in the sense of "choose one, then put it here",
> this looks good. If you're suggesting multiple choices, to be
> made by the bug reporter, I'm not so sure.

Yeah, "choose one, then put it here."  I've set up
security@kernel.osdl.org.

> A single contact point, preferably with a human being that can
> confirm that the message has been received and understood, and
> indicate that there's now somebody taking care of it who knows
> what to do (which may just be forwarding it to someone else or
> some list, and monitoring the reaction), should be useful.

Agreed.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/