Commit ce30f264 authored by Willy Tarreau, committed by Linus Torvalds

MAINTAINERS: clarify that only verified bugs should be submitted to security@



We're seeing a rise of automated reports from testing tools and reports
about address leaks that are not really exploitable as-is, many of which
do not represent an immediate risk justifying to work in closed places.

Signed-off-by: Willy Tarreau <w@1wt.eu>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent 5132ede0
+9 −1
@@ -62,7 +62,15 @@ trivial patch so apply some common sense.

7.	When sending security related changes or reports to a maintainer
	please Cc: security@kernel.org, especially if the maintainer
	does not respond.
	does not respond. Please keep in mind that the security team is
	a small set of people who can be efficient only when working on
	verified bugs. Please only Cc: this list when you have identified
	that the bug would present a short-term risk to other users if it
	were publicly disclosed. For example, reports of address leaks do
	not represent an immediate threat and are better handled publicly,
	and ideally, should come with a patch proposal. Please do not send
	automated reports to this list either. Such bugs will be handled
	better and faster in the usual public places.

8.	Happy hacking.
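
Review bot: in the added text of item 7, "Please do not send automated reports to this list either" does not say whether a tool-found bug that the reporter has since reproduced and confirmed still counts as an automated report, which sits awkwardly next to the "verified bugs" criterion stated a few sentences earlier. Consider wording it in terms of unverified tool output, for example "Please do not forward unverified output from automated tools to this list". The closing "usual public places" also names no list or tracker; saying where such reports should go instead would help a first-time reporter who has just been told not to Cc: security@kernel.org.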