Documentation/process update for 5.4-rc1
Here are 2 small Documentation/process/embargoed-hardware-issues.rst file updates that missed my previous char/misc pull request for 5.4-rc1.

The first one adds an Intel representative for the process, and the second one cleans up the text a bit more when it comes to how the disclosure rules work, as it was a bit confusing to some companies.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Merge tag 'char-misc-5.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

Pull Documentation/process update from Greg KH:

"Here are two small Documentation/process/embargoed-hardware-issues.rst file updates that missed my previous char/misc pull request. The first one adds an Intel representative for the process, and the second one cleans up the text a bit more when it comes to how the disclosure rules work, as it was a bit confusing to some companies"

* tag 'char-misc-5.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
  Documentation/process: Clarify disclosure rules
  Documentation/process: Volunteer as the ambassador for Intel
This commit is contained in:
commit
97f9a3c4ee
|
@ -143,6 +143,20 @@ via their employer, they cannot enter individual non-disclosure agreements
|
||||||
in their role as Linux kernel developers. They will, however, agree to
|
in their role as Linux kernel developers. They will, however, agree to
|
||||||
adhere to this documented process and the Memorandum of Understanding.
|
adhere to this documented process and the Memorandum of Understanding.
|
||||||
|
|
||||||
|
The disclosing party should provide a list of contacts for all other
|
||||||
|
entities who have already been, or should be, informed about the issue.
|
||||||
|
This serves several purposes:
|
||||||
|
|
||||||
|
- The list of disclosed entities allows communication accross the
|
||||||
|
industry, e.g. other OS vendors, HW vendors, etc.
|
||||||
|
|
||||||
|
- The disclosed entities can be contacted to name experts who should
|
||||||
|
participate in the mitigation development.
|
||||||
|
|
||||||
|
- If an expert which is required to handle an issue is employed by an
|
||||||
|
listed entity or member of an listed entity, then the response teams can
|
||||||
|
request the disclosure of that expert from that entity. This ensures
|
||||||
|
that the expert is also part of the entity's response team.
|
||||||
|
|
||||||
Disclosure
|
Disclosure
|
||||||
""""""""""
|
""""""""""
|
||||||
|
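Review bot: the added bullets carry wording errors that will land in the rendered document: "accross" in the first bullet should be "across", and the third bullet has "an listed entity" twice and "an expert which", where "a listed entity" and "an expert who" are meant. The third bullet also says the response teams can "request the disclosure of that expert from that entity" but does not say what happens when the entity declines or does not answer; one sentence covering that case would remove the ambiguity this patch is trying to clear up.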
@ -158,10 +172,7 @@ Mitigation development
|
||||||
""""""""""""""""""""""
|
""""""""""""""""""""""
|
||||||
|
|
||||||
The initial response team sets up an encrypted mailing-list or repurposes
|
The initial response team sets up an encrypted mailing-list or repurposes
|
||||||
an existing one if appropriate. The disclosing party should provide a list
|
an existing one if appropriate.
|
||||||
of contacts for all other parties who have already been, or should be,
|
|
||||||
informed about the issue. The response team contacts these parties so they
|
|
||||||
can name experts who should be subscribed to the mailing-list.
|
|
||||||
|
|
||||||
Using a mailing-list is close to the normal Linux development process and
|
Using a mailing-list is close to the normal Linux development process and
|
||||||
has been successfully used in developing mitigations for various hardware
|
has been successfully used in developing mitigations for various hardware
|
||||||
|
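Review bot: with the removed sentence ending "can name experts who should be subscribed to the mailing-list" gone, the paragraph that sets up the encrypted mailing-list no longer says who gets subscribed to it. The relocated text in the earlier hunk only says the named experts "participate in the mitigation development". Suggest keeping a short sentence here stating that the experts named by the disclosed entities are subscribed to the list, so that list membership stays tied to the disclosure list.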
@ -175,9 +186,24 @@ development branch against the mainline kernel and backport branches for
|
||||||
stable kernel versions as necessary.
|
stable kernel versions as necessary.
|
||||||
|
|
||||||
The initial response team will identify further experts from the Linux
|
The initial response team will identify further experts from the Linux
|
||||||
kernel developer community as needed and inform the disclosing party about
|
kernel developer community as needed. Bringing in experts can happen at any
|
||||||
their participation. Bringing in experts can happen at any time of the
|
time of the development process and needs to be handled in a timely manner.
|
||||||
development process and often needs to be handled in a timely manner.
|
|
||||||
|
If an expert is employed by or member of an entity on the disclosure list
|
||||||
|
provided by the disclosing party, then participation will be requested from
|
||||||
|
the relevant entity.
|
||||||
|
|
||||||
|
If not, then the disclosing party will be informed about the experts
|
||||||
|
participation. The experts are covered by the Memorandum of Understanding
|
||||||
|
and the disclosing party is requested to acknowledge the participation. In
|
||||||
|
case that the disclosing party has a compelling reason to object, then this
|
||||||
|
objection has to be raised within five work days and resolved with the
|
||||||
|
incident team immediately. If the disclosing party does not react within
|
||||||
|
five work days this is taken as silent acknowledgement.
|
||||||
|
|
||||||
|
After acknowledgement or resolution of an objection the expert is disclosed
|
||||||
|
by the incident team and brought into the development process.
|
||||||
|
|
||||||
|
|
||||||
Coordinated release
|
Coordinated release
|
||||||
"""""""""""""""""""
|
"""""""""""""""""""
|
||||||
|
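Review bot: the added paragraphs refer to the "incident team" ("resolved with the incident team immediately", "disclosed by the incident team") while the unchanged context in this same hunk uses "initial response team"; pick one term, or define "incident team", so it is clear who receives objections and who performs the disclosure. Two smaller points in the same added text: "the experts participation" needs an apostrophe ("the expert's participation"), and the objection path stops at "resolved ... immediately" without saying what happens to the expert's participation if the objection cannot be resolved, which is the case the five work day deadline most needs to cover.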
@ -216,7 +242,7 @@ an involved disclosed party. The current ambassadors list:
|
||||||
ARM
|
ARM
|
||||||
AMD
|
AMD
|
||||||
IBM
|
IBM
|
||||||
Intel
|
Intel Tony Luck <tony.luck@intel.com>
|
||||||
Qualcomm Trilok Soni <tsoni@codeaurora.org>
|
Qualcomm Trilok Soni <tsoni@codeaurora.org>
|
||||||
|
|
||||||
Microsoft Sasha Levin <sashal@kernel.org>
|
Microsoft Sasha Levin <sashal@kernel.org>
|
||||||
|
|