Re: Proper procedure for reporting possible security vulnerabilities?

From: Werner Almesberger
Date: Mon Jan 17 2005 - 18:07:33 EST


Chris Wright wrote:
> +SECURITY CONTACT
> +P: Security Officers
> +M: kernel-security@{osdl.org, vger.kernel.org, wherever}
> +S: Supported
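
Review bot: the M: line of the added SECURITY CONTACT entry is a brace list of candidates ("kernel-security@{osdl.org, vger.kernel.org, wherever}"), not an address that mail can be sent to. Settle on one address before this is applied, so that the entry gives a reporter a single deliverable contact. The P: line names only a role ("Security Officers"); a short note on who receives mail at that address would help a reporter know what to expect.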

If you mean this in the sense of "choose one, then put it here",
this looks good. If you're suggesting multiple choices, to be
made by the bug reporter, I'm not so sure.

A single contact point, preferably with a human being that can
confirm that the message has been received and understood, and
indicate that there's now somebody taking care of it who knows
what to do (which may just be forwarding it to someone else or
some list, and monitoring the reaction), should be useful.

- Werner

--
_________________________________________________________________________
/ Werner Almesberger, Buenos Aires, Argentina wa@xxxxxxxxxxxxxxx /
/_http://www.almesberger.net/____________________________________________/