• docs: clarify security-bugs disclosure policy · 7f5d465f
    Dave Hansen authored
    I think we need to soften the language a bit.  It might scare folks
    off, especially the:
    
    	 We prefer to fully disclose the bug as soon as possible.
    
    which is not really the case.  Linus says:
    
    	It's not full disclosure, it's not coordinated disclosure,
    	and it's not "no disclosure".  It's more like just "timely
    	open fixes".
    
    I changed a bit of the wording in here, but mostly to remove the word
    "disclosure" since it seems to mean very specific things to people
    that we do not mean here.
    Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
    Reviewed-by: Dan Williams <dan.j.williams@intel.com>
    Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Acked-by: Kees Cook <keescook@chromium.org>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Alan Cox <gnomes@lxorguk.ukuu.org.uk>
    Cc: Andrea Arcangeli <aarcange@redhat.com>
    Cc: Andy Lutomirski <luto@kernel.org>
    Cc: Tim Chen <tim.c.chen@linux.intel.com>
    Cc: Alexander Viro <viro@zeniv.linux.org.uk>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Cc: Mark Rutland <mark.rutland@arm.com>
    Signed-off-by: Jonathan Corbet <corbet@lwn.net>
security-bugs.rst 3.37 KB