Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp5534563ybf; Thu, 5 Mar 2020 02:25:52 -0800 (PST) X-Google-Smtp-Source: ADFU+vvY0v7ukT5+iB08CVX1+xg6LrCv/d5CDfB+ViqoskuM0Vlr6HYzS/REAeQOPvY1GTOetybj X-Received: by 2002:aca:5f87:: with SMTP id t129mr5179838oib.36.1583403952287; Thu, 05 Mar 2020 02:25:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1583403952; cv=none; d=google.com; s=arc-20160816; b=FU88S7T/S6E3jnJ5FsjsvKA9n2rPxyhAngoy4/54nCV+szp/6Ur41rPvdWy+D8Z8O1 Z40Iq00XTh3OtUuA54B4oeV7ZZBfWe7VMYzaTZi0GRkf7b/mwFa4kdCr1PZZZOiXUf4t zQHvHwbYTdF4zRdVHisu77mXTxj0NN4MNwFd1D9jvOiLSWIt+b/nEWURLEcoeVK9DAL3 iPCyied/4ZD4UtiJsv5gi2BdXJ8GLeaibU1CUtp7faDWhnaAMt9+W/Svc3KJk0+rOxtv +DNOwyJaDbbq9mzNd73gzB3BvRrxfRh0+hqRm3NFfXiIfIoEKDxbLIc1gJ8fHPf8zM5I ceYg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:subject:message-id:date:from :mime-version:dkim-signature; bh=7v2qakqZLXTnR2+lwRs7AvWKSbDWJBDIvfkxAASUMSY=; b=DWCaE0ZvQXLd25lw8iw7ufoYNucl1jD97X9eFEL2lsPgcYe2xbzPXBB4NFUrJirbUI 2eoanhLQ5bx3Phylk0WKbqhZiDmUrqA3BXSG9BR87IpxdFzvDV35f9Nxdmkkke5GwyPV vShij2R2KPgCB1f0LlJe7Oi/grNyBZac2ki/2CELLbbFm45xx1x96FJSIGqMi2Ys9U5W 5TKS/oVdAZ2IbLV/LGjz2iqLf9Po1Jbl16+UW0MlgA8StDPa7NLlUcsfSY9SxpIQi7aU vzJwrMMaC+j0PjIvX9jPtEqQkrE2XU6tfnQnJyK4htR9mROSXUxgGxEEAhYosAKk6zmv ze2A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=DfXIgglA; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u205si3181319oie.125.2020.03.05.02.25.27; Thu, 05 Mar 2020 02:25:52 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=DfXIgglA; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726049AbgCEKZX (ORCPT + 99 others); Thu, 5 Mar 2020 05:25:23 -0500 Received: from mail-lj1-f178.google.com ([209.85.208.178]:37574 "EHLO mail-lj1-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726048AbgCEKZX (ORCPT ); Thu, 5 Mar 2020 05:25:23 -0500 Received: by mail-lj1-f178.google.com with SMTP id q23so5448108ljm.4 for ; Thu, 05 Mar 2020 02:25:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=7v2qakqZLXTnR2+lwRs7AvWKSbDWJBDIvfkxAASUMSY=; b=DfXIgglAOKC4B/icphXgNJsSQuiEkt/2sj7J1lqgrv+St/5FX7/VNm90UCWVwGrpb7 5o0VPiDMGUsSCXLYMVrTOD9XjDWPvL4BjZyXCkF1vZX9U+VWokvkqOAxZv/ZyHZI3McI 2GgXd8aoPv5nj2JfXx/4L5gaVm1TaW+MZ63q/2vuTVC2usSh0IohUs8AotOK6lX79cGQ 4rIj3445hvEr3mUoLpz/0wF0xy1RWf0VddmWq93q/SWPhGnFSjGcmQifSVANN59HPZC1 cKTMZFY0GXdrTciQgTFyR/lHI3zTFat3MOuOPNN4viD1LrFp8dZDKbcKHo/m2qAR64s8 SOgA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=7v2qakqZLXTnR2+lwRs7AvWKSbDWJBDIvfkxAASUMSY=; b=DahmOTCP7D0YzJkqPj+2DOOjARNUvac9afuCrEQjdT/s3fQxGHWrt7C2DfsJGog3v5 ezpNIKFsUjnRqv/JC6wAC1MRxaiBX3nqAHAxoYyUJt0uoEvvxqfTjCM78JTidfNcET52 AHgcM3kROhWlFTsqhwTo3kzmq/7rFFzF6K+8v+UYMxus7snTti9l0QkTS5ofrTDObcMG kys2V8oROpeIePe16OFV32Wq6hFxqVAmhZB4H0CSW1TSWOpRKlW/2X6WE9z9J1B+UDVC W+kjHr6WF0H9ocIJulh3wUaewh00AlO/uc3UgOvV5ZAD+6O7wBWwzzPgw/XInkiYLcmn m/6A== X-Gm-Message-State: ANhLgQ0W6o9ya4tXecPxIHAOQaeiVjhPaEHbfDEtI3GoeM5L0gor1DI4 tfT9lemon+CVs8cz+gmzzg5s51mTcR6Q+wTvEqxR7nZiH2w= X-Received: by 2002:a2e:9dc8:: with SMTP id x8mr4843455ljj.38.1583403921103; Thu, 05 Mar 2020 02:25:21 -0800 (PST) MIME-Version: 1.0 From: Anatoly Trosinenko Date: Thu, 5 Mar 2020 13:25:10 +0300 Message-ID: Subject: On reporting issues with potential security implications To: linux-bluetooth@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Hello, Many projects have some private mail list or some other policies for reporting issues with possible security implications. I mean some bugs that the reporter cannot qualify for sure as a "safe to publicly disclose" (still, they can turn out to be not security-related after review). BlueZ, on the other hand, has a policy of "never write to them [developers] directly" and no easily grep-able guidelines on reporting possibly security-related issues. So, what is the preferred way for reporting such things? Best regards Anatoly