Documentation/process update for 5.4-rc1

Here are 2 small Documentation/process/embargoed-hardware-issues.rst
 file updates that missed my previous char/misc pull request for 5.4-rc1.
 
 The first one adds an Intel representative for the process, and the
 second one cleans up the text a bit more when it comes to how the
 disclosure rules work, as it was a bit confusing to some companies.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCXZCMVg8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ymk1QCfarO6D7Wj/eg/BPSSkP/dgaLMog8AoLBJiBmz
 2ErEIjIqV0J/e3QYud8G
 =qUtH
 -----END PGP SIGNATURE-----

Merge tag 'char-misc-5.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

Pull Documentation/process update from Greg KH:
 "Here are two small Documentation/process/embargoed-hardware-issues.rst
  file updates that missed my previous char/misc pull request.

  The first one adds an Intel representative for the process, and the
  second one cleans up the text a bit more when it comes to how the
  disclosure rules work, as it was a bit confusing to some companies"

* tag 'char-misc-5.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
  Documentation/process: Clarify disclosure rules
  Documentation/process: Volunteer as the ambassador for Intel
This commit is contained in:
Linus Torvalds 2019-09-29 19:52:52 -07:00
commit 97f9a3c4ee
1 changed files with 34 additions and 8 deletions

View File

@ -143,6 +143,20 @@ via their employer, they cannot enter individual non-disclosure agreements
in their role as Linux kernel developers. They will, however, agree to in their role as Linux kernel developers. They will, however, agree to
adhere to this documented process and the Memorandum of Understanding. adhere to this documented process and the Memorandum of Understanding.
The disclosing party should provide a list of contacts for all other
entities who have already been, or should be, informed about the issue.
This serves several purposes:
- The list of disclosed entities allows communication accross the
industry, e.g. other OS vendors, HW vendors, etc.
- The disclosed entities can be contacted to name experts who should
participate in the mitigation development.
- If an expert which is required to handle an issue is employed by an
listed entity or member of an listed entity, then the response teams can
request the disclosure of that expert from that entity. This ensures
that the expert is also part of the entity's response team.
Disclosure Disclosure
"""""""""" """"""""""
@ -158,10 +172,7 @@ Mitigation development
"""""""""""""""""""""" """"""""""""""""""""""
The initial response team sets up an encrypted mailing-list or repurposes The initial response team sets up an encrypted mailing-list or repurposes
an existing one if appropriate. The disclosing party should provide a list an existing one if appropriate.
of contacts for all other parties who have already been, or should be,
informed about the issue. The response team contacts these parties so they
can name experts who should be subscribed to the mailing-list.
Using a mailing-list is close to the normal Linux development process and Using a mailing-list is close to the normal Linux development process and
has been successfully used in developing mitigations for various hardware has been successfully used in developing mitigations for various hardware
@ -175,9 +186,24 @@ development branch against the mainline kernel and backport branches for
stable kernel versions as necessary. stable kernel versions as necessary.
The initial response team will identify further experts from the Linux The initial response team will identify further experts from the Linux
kernel developer community as needed and inform the disclosing party about kernel developer community as needed. Bringing in experts can happen at any
their participation. Bringing in experts can happen at any time of the time of the development process and needs to be handled in a timely manner.
development process and often needs to be handled in a timely manner.
If an expert is employed by or member of an entity on the disclosure list
provided by the disclosing party, then participation will be requested from
the relevant entity.
If not, then the disclosing party will be informed about the experts
participation. The experts are covered by the Memorandum of Understanding
and the disclosing party is requested to acknowledge the participation. In
case that the disclosing party has a compelling reason to object, then this
objection has to be raised within five work days and resolved with the
incident team immediately. If the disclosing party does not react within
five work days this is taken as silent acknowledgement.
After acknowledgement or resolution of an objection the expert is disclosed
by the incident team and brought into the development process.
Coordinated release Coordinated release
""""""""""""""""""" """""""""""""""""""
@ -216,7 +242,7 @@ an involved disclosed party. The current ambassadors list:
ARM ARM
AMD AMD
IBM IBM
Intel Intel Tony Luck <tony.luck@intel.com>
Qualcomm Trilok Soni <tsoni@codeaurora.org> Qualcomm Trilok Soni <tsoni@codeaurora.org>
Microsoft Sasha Levin <sashal@kernel.org> Microsoft Sasha Levin <sashal@kernel.org>