Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy

From: Linus Torvalds
Date: Fri Mar 09 2018 - 16:15:38 EST

Next message: Henrik Rydberg: "Re: [PATCH v3] input: bcm5974 - Add driver for Apple Magic Trackpad 2"
Previous message: kernel test robot: "94d3a25408: kernel_BUG_at_kernel/fork.c"
In reply to: Alan Cox: "Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Mar 9, 2018 at 12:45 PM, Alan Cox <gnomes@xxxxxxxxxxxxxxxxxxx> wrote:
>
> If you want to be taken seriously then I think minimum you also need to
> - Give a GPG key for messages to the list

Oh, I don't want to be taken seriously by people who use gpg encrypted email.

It's garbage and should be shunned as such.

I keep quoting this:

https://motherboard.vice.com/en_us/article/vvbw9a/even-the-inventor-of-pgp-doesnt-use-pgp

and anybody who thinks pgp encrypted email is fine is a clown.

> - State what security is in place (encryption etc) to protect the list
> itself

That could be stated, but it's worth noting the other rules.

If you have some long corrupt vendor disclosure period and are worried
about any good guys finding out (the bad guys probably already have
it), we're not the list for you anyway.

Keep your "we'll keep security problems under wraps so that they can
be exploited for a long time" emails to yourself, or send them to
/dev/null.

Linus

Next message: Henrik Rydberg: "Re: [PATCH v3] input: bcm5974 - Add driver for Apple Magic Trackpad 2"
Previous message: kernel test robot: "94d3a25408: kernel_BUG_at_kernel/fork.c"
In reply to: Alan Cox: "Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]