MAINTAINERS: clarify that only verified bugs should be submitted to security@

We're seeing a raise of automated reports from testing tools and reports about address leaks that are not really exploitable as-is, many of which do not represent an immediate risk justifying to work in closed places. Signed-off-by: N Willy Tarreau <w@1wt.eu> Acked-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Linus Torvalds <torvalds@linux-foundation.org>

MAINTAINERS: clarify that only verified bugs should be submitted to security@
We're seeing a raise of automated reports from testing tools and reports about address leaks that are not really exploitable as-is, many of which do not represent an immediate risk justifying to work in closed places. Signed-off-by: N Willy Tarreau <w@1wt.eu> Acked-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Linus Torvalds <torvalds@linux-foundation.org>
ce30f264 · Willy Tarreau · Linus Torvalds · 5132ede0 · ce30f264
隐藏空白更改
内联并排

Showing with 9 addition and 1 deletion

MAINTAINERS MAINTAINERS +9 -1

未找到文件。
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -62,7 +62,15 @@ trivial patch so apply some common sense.

 7.	When sending security related changes or reports to a maintainer
 	please Cc: security@kernel.org, especially if the maintainer
-	does not respond.
+	does not respond. Please keep in mind that the security team is
+	a small set of people who can be efficient only when working on
+	verified bugs. Please only Cc: this list when you have identified
+	that the bug would present a short-term risk to other users if it
+	were publicly disclosed. For example, reports of address leaks do
+	not represent an immediate threat and are better handled publicly,
+	and ideally, should come with a patch proposal. Please do not send
+	automated reports to this list either. Such bugs will be handled
+	better and faster in the usual public places.

 8.	Happy hacking.