Received: by 2002:a5d:925a:0:0:0:0:0 with SMTP id e26csp622517iol; Thu, 9 Jun 2022 10:15:50 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz7PdCvc+iKcoQjtAPTHTOvSLGqB3dVvVbPjzNiGiuF+5zt64hEECbzc9p0joLNKDBJehu6 X-Received: by 2002:a63:4a4d:0:b0:401:9f40:26a7 with SMTP id j13-20020a634a4d000000b004019f4026a7mr2611953pgl.282.1654794950006; Thu, 09 Jun 2022 10:15:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1654794950; cv=none; d=google.com; s=arc-20160816; b=POCefUsLiPRCSwZOpEntBYlaCc17Xa3rwzXhxGr6xBqepd557FS0rHnjjGfoIED6I6 oLf/qJ3bm01rZhMO2XcBGe+4AwPauTr36pNaJnzxTw1QWP2/GzbkVPzMIpi1l0eXTtzc hCPDAlqd97GcdVZIiw7eECMm7cq4HHqiOxMgAPzAjF6KRwmdfyEGwoWJIBXwAHN+LPRj KnMsRQU5vTBQ9wcXTEqGU56yuoSD3JLNXlSs3FQc3H5A6fadPYsDWyAEQbnEjyvQlip3 vUrm0lLrHGHsa1hkVcJh+qh8e0B1JsjJVAKOIFX89E2Y/sZI51dw6wc4OdGu8cYIHReA 4wrg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=95t3Vrjm09V/sBTJr+iWaWnORS/f5tg2vspH7lnTegU=; b=T282uHFDryHbG3qxLn7SuBQ6GUS0k2rtnF4OxaHV0lVhs+E2igi7EG8dUY0HRgXZwt yzkfqVi4GxLrKpGzEiQx4sGquCuv+aKcvAkaWnyxFH43xTaPw+jv+czcRqUzM5Iw0Ho3 rCWpCFp5aaB5HdoY4kq5hadyUDhFqCX6tD1gg/hnfFvZgxG7R95W3JgOTKCHpABSvc1v XNuaeK8CNgsAQRzSaHFWsQnufCrEASCP05lA2DB6xv9ItGC+eGFoKeavbg3PeHyzck2w vT7Ilv5deHcETOmUts8YXr8Jc9SpKZFAyOJPz/T81tCM1HO/mq+/Gl8fwUexziHLKapZ Gr7A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e128-20020a636986000000b003fdb58edcf2si16931894pgc.435.2022.06.09.10.15.35; Thu, 09 Jun 2022 10:15:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245113AbiFIRCo (ORCPT + 99 others); Thu, 9 Jun 2022 13:02:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46964 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230107AbiFIRCl (ORCPT ); Thu, 9 Jun 2022 13:02:41 -0400 Received: from 1wt.eu (wtarreau.pck.nerim.net [62.212.114.60]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id E02CAC365C; Thu, 9 Jun 2022 10:02:38 -0700 (PDT) Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id 259H13QN010121; Thu, 9 Jun 2022 19:01:03 +0200 Date: Thu, 9 Jun 2022 19:01:03 +0200 From: Willy Tarreau To: Will Deacon Cc: Vegard Nossum , Jonathan Corbet , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Amit Shah , Dave Hansen , David Woodhouse , Greg Kroah-Hartman , "Gustavo A . R . Silva" , Jiri Kosina , Kees Cook , Laura Abbott , Linus Torvalds , Mauro Carvalho Chehab , Paolo Bonzini , Peter Zijlstra , Solar Designer , Thomas Gleixner , Thorsten Leemhuis , Tyler Hicks Subject: Re: [PATCH v2] Documentation/security-bugs: overhaul Message-ID: <20220609170102.GC9541@1wt.eu> References: <20220606194850.26122-1-vegard.nossum@oracle.com> <20220607090726.GB32282@willie-the-truck> <20220609145127.GD3064@willie-the-truck> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220609145127.GD3064@willie-the-truck> User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_PASS, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org A few quick points below. On Thu, Jun 09, 2022 at 03:51:27PM +0100, Will Deacon wrote: > > "calendar days" -- this got changed just to make it more readable. Maybe > > it's just me and my personal experience, but this wording seemed > > redundant. Why would "day" default to anything but a calendar day except > > in a business setting (which this is not)? > > In the past, people were unclear as to whether this included weekends, > public holidays etc and so being explicit helps. In fact that's often the problem between what is known from insiders and what is understood outside. The original 5 days used to allow to include a Monday's fix into the Sunday's -rc. It then extended to 7 days to improve the likelyhood that participants involved the first day were available on the release day, but that was always implicitly "calendar days" or at least reminded as such during private discussions. But with more and more professionals reporting bugs as part of their job, the risk that this is implicitly understood with work days is much more present nowadays and I think it's worth being explicit here. > > "extension to 14 calendar days" -- I changed this after comments from > > Willy who said too many people took this to mean that 7 days was the > > norm and that 14 days was still an acceptable proposal in most cases. I > > _think_ (but I'm not sure) that 14 days is not even really the absolute > > maximum, depending on the severity of the bug. > > The current text says: > > | ... an exceptional extension to 14 calendar days if it is agreed that > | the criticality of the bug requires more time. The only valid reason > | for deferring the publication of a fix is to accommodate the logistics > | of QA and large scale rollouts which require release coordination. > > which I think is pretty clear; it states the single criterion under which > an exceptional extension to 14 days will be considered. There's no mention > of this in the rewrite. Indeed, it's important to keep that sentence to make sure reporters do not count on that upfront. > The current document is clear that any > agreed embargo begins only from the point where we have a robust fix: > > | Once a robust fix has been developed, the release process starts. > > This is important -- if distributions mistakenly think that they have a > maximum of seven days to describe the problem, involve the right people, > iterate on a patch, backport it, test it and deploy it then they'll do > all of this in private and just notify security@ at the end, at which > point it's either a waste of time or the patch is found not to be as > robust as they thought because the right people weren't involved. This part is particularly important and is indeed at the core of some of the recent trouble. We need to make it clearer that it can take more time to develop a fix, possibly adding more and more people, but that once the fix is confirmed, the process starts and the only reason for an embargo is QA/rollout (which explains why there's no reason for a long embargo since everything is ready). But that brings back the concern that if we suggest that the reporter contacts linux-distros after the fix is ready, he may be bound by a 2-week embargo (unless it's fine to cut it to one week max by default). We need to make sure to limit friction because many reporters are first-timers and it's really unpleasant for them to be bounced between lists with different policies and being told they can't ask for this or that. > > It's always possible to go into more detail about what "robust" means > > exactly or who makes this decision (and how), but I think brevity does a > > lot to keep things readable. > > What exactly is unreadable with the current doc? I don't think there's anything unreadable, however both you (Will) and me are on the list and have implicit knowledge of certain things. Vegard is not and his perception is useful because it's closer to the one from a reporter who tries to find their way through all this. Even a feeling like "it's too difficult to grasp" can be listened to IMHO. Just my two cents, Willy