author: Willy Tarreau <w@1wt.eu>, 2018-01-04 08:31:25 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org>, 2018-01-24 13:05:53 -0500
commit: ce30f264b33d9e3d27e34638976c52b578648b92
tree: 46dfac91608bfabab17164803481de984e1a58b6
parent: 5132ede0fe8092b043dae09a7cc32b8ae7272baa
MAINTAINERS: clarify that only verified bugs should be submitted to security@
We're seeing a raise of automated reports from testing tools and reports about address leaks that are not really exploitable as-is, many of which do not represent an immediate risk justifying to work in closed places.

Signed-off-by: Willy Tarreau <w@1wt.eu>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- MAINTAINERS 10
1 files changed, 9 insertions, 1 deletions
diff --git a/MAINTAINERS b/MAINTAINERS
index e3581413420c..fec88c5ccedf 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -62,7 +62,15 @@ trivial patch so apply some common sense.
62 62
637. When sending security related changes or reports to a maintainer 637. When sending security related changes or reports to a maintainer
64 please Cc: security@kernel.org, especially if the maintainer 64 please Cc: security@kernel.org, especially if the maintainer
65 does not respond. 65 does not respond. Please keep in mind that the security team is
66 a small set of people who can be efficient only when working on
67 verified bugs. Please only Cc: this list when you have identified
68 that the bug would present a short-term risk to other users if it
69 were publicly disclosed. For example, reports of address leaks do
70 not represent an immediate threat and are better handled publicly,
71 and ideally, should come with a patch proposal. Please do not send
72 automated reports to this list either. Such bugs will be handled
73 better and faster in the usual public places.
66 74
678. Happy hacking. 758. Happy hacking.
68 76
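Review bot: The added sentence "Please only Cc: this list when you have identified that the bug would present a short-term risk to other users" sits directly after the unchanged "especially if the maintainer does not respond", and the two pull in opposite directions for a reporter whose maintainer is silent on a bug that is not an immediate risk; consider stating which rule applies in that case. The closing "in the usual public places" also names no venue, so pointing to the relevant public mailing list or tracker would tell reporters of address leaks and tool-generated findings where to send them instead. "Verified bugs" would benefit from a short definition as well, since the text leaves that judgment to the reporter.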