[PATCH 4/4] Documentation/process: add transparency promise to list subscription

From: Dave Hansen
Date: Tue Sep 10 2019 - 13:26:55 EST

Next message: Mehta, Sohil: "Re: [PATCH] iommu/vt-d: Add Scalable Mode fault information"
Previous message: Dave Hansen: "[PATCH 3/4] Documentation/process: soften language around conference talk dates"
In reply to: Greg KH: "Re: [PATCH 3/4] Documentation/process: soften language around conference talk dates"
Next in thread: Greg KH: "Re: [PATCH 4/4] Documentation/process: add transparency promise to list subscription"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>

Transparency is good. It it essential for everyone working under an
embargo to know who is involved and who else is a "knower". Being
transparent allows everyone to always make informed decisions about
ongoing participating in a mitigation effort.

Add a step to the subscription process which will notify existing
subscribers when a new one is added.

While I think this is good for everyone, this patch represents my
personal opinion and not that of my employer.

Cc: Jonathan Corbet <corbet@xxxxxxx>
Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Cc: Sasha Levin <sashal@xxxxxxxxxx>
Cc: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: Laura Abbott <labbott@xxxxxxxxxx>
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Cc: Trilok Soni <tsoni@xxxxxxxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Tony Luck <tony.luck@xxxxxxxxx>
Cc: linux-doc@xxxxxxxxxxxxxxx
Cc: linux-kernel@xxxxxxxxxxxxxxx
Acked-by: Dan Williams <dan.j.williams@xxxxxxxxx>
Signed-off-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
---

b/Documentation/process/embargoed-hardware-issues.rst | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)

diff -puN Documentation/process/embargoed-hardware-issues.rst~hw-sec-2 Documentation/process/embargoed-hardware-issues.rst
--- a/Documentation/process/embargoed-hardware-issues.rst~hw-sec-2 2019-09-10 09:58:47.989476197 -0700
+++ b/Documentation/process/embargoed-hardware-issues.rst 2019-09-10 09:58:47.992476197 -0700
@@ -276,10 +276,11 @@ certificate. If a PGP key is used, it mu
server and is ideally connected to the Linux kernel's PGP web of trust. See
also: https://www.kernel.org/signature.html.

-The response team verifies that the subscriber request is valid and adds
-the subscriber to the list. After subscription the subscriber will receive
-email from the mailing-list which is signed either with the list's PGP key
-or the list's S/MIME certificate. The subscriber's email client can extract
-the PGP key or the S/MIME certificate from the signature so the subscriber
-can send encrypted email to the list.
+The response team verifies that the subscriber request is valid, adds the
+subscriber to the list, and notifies the existing list subscribers
+including the disclosing party. After subscription the subscriber will
+receive email from the mailing-list which is signed either with the list's
+PGP key or the list's S/MIME certificate. The subscriber's email client can
+extract the PGP key or the S/MIME certificate from the signature so the
+subscriber can send encrypted email to the list.

_

Next message: Mehta, Sohil: "Re: [PATCH] iommu/vt-d: Add Scalable Mode fault information"
Previous message: Dave Hansen: "[PATCH 3/4] Documentation/process: soften language around conference talk dates"
In reply to: Greg KH: "Re: [PATCH 3/4] Documentation/process: soften language around conference talk dates"
Next in thread: Greg KH: "Re: [PATCH 4/4] Documentation/process: add transparency promise to list subscription"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]