Re: [PATCH] docs: embargoed-hardware-issues: add embargoed HW contact for Samsung

[Luis Chamberlain]

On Tue, Jan 24, 2023 at 06:20:46AM +0100, Greg KH wrote:
> On Tue, Jan 24, 2023 at 02:39:53AM +0000, Matthew Wilcox wrote:
> > On Mon, Jan 23, 2023 at 01:48:03PM -0800, Luis Chamberlain wrote:
> > > > > @@ -251,6 +251,7 @@ an involved disclosed party. The current ambassadors list:
> > > > >    IBM Z		Christian Borntraeger <borntraeger@xxxxxxxxxx>
> > > > >    Intel		Tony Luck <tony.luck@xxxxxxxxx>
> > > > >    Qualcomm	Trilok Soni <tsoni@xxxxxxxxxxxxxx>
> > > > > +  Samsung       Javier González <javier.gonz@xxxxxxxxxxx>
> > > 
> > > I'll send a fix on v2.
> > > 
> > > BTW while at it, it got me wondering, since most of the emails on
> > > this hw embargo page are not required to have kernel.org accounts
> > 
> > This isn't the list of hw embargo people.  This is the list of
> > "ambassadors" who can help people work through the security disclosure
> > process.  My impression is that it's to tell me that I should contact
> > Konrad, since he also works at Oracle, to help me through the process.
> > It's not for people outside Oracle to contact.
> > 
> > If I have the wrong impression of that list, perhaps the description
> > could be clarified.
> 
> That is correct, but it is primarily a list that I use when needing to
> contact companies about potential issues in their hardware. 

That is the impression I gathered.

> For that I
> don't need a GPG key, that's only required if they need to get added to
> a secure mailing list, and at that point I can have a key sent to me, it
> does not have to be in our kernel.org keyring at all (and list
> participants usually are not there.)

That might be useful to explain in the documentation.

> So there's no need for any of these addresses to be part of the kernel
> gpg ring of trust for any of their activities.

Sounds good.

  Luis