[all-commits] [llvm/llvm-project] c9dbaa: [docs] Describe reporting security issues on the c...

Ahmed Bougacha via All-commits all-commits at lists.llvm.org
Wed May 19 15:22:47 PDT 2021


  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: c9dbaa4c86d29f891e2c30af787dfb74b9e83ed9
      https://github.com/llvm/llvm-project/commit/c9dbaa4c86d29f891e2c30af787dfb74b9e83ed9
  Author: Ahmed Bougacha <ahmed at bougacha.org>
  Date:   2021-05-19 (Wed, 19 May 2021)

  Changed paths:
    A SECURITY.md
    M llvm/docs/GettingInvolved.rst
    M llvm/docs/Security.rst

  Log Message:
  -----------
  [docs] Describe reporting security issues on the chromium tracker.

To track security issues, we're starting with the chromium bug tracker
(using the llvm project there).

We considered using Github Security Advisories.  However, they are
currently intended as a way for project owners to publicize their
security advisories, and aren't well-suited to reporting issues.

This also moves the issue-reporting paragraph to the beginning of the
document, in part to make it more discoverable, in part to allow the
anchor-linking to actually display the paragraph at the top of the page.

Note that this doesn't update the concrete list of security-sensitive
areas, which is still an open item.  When we do, we may want to move the
list of security-sensitive areas next to the issue-reporting paragraph
as well, as it seems like relevant information needed in the reporting
process.

Finally, when describing the discission medium, this splits the topics
discussed into two: the concrete security issues, discussed in the
issue tracker, and the logistics of the group, in our mailing list,
as patches on public lists, and in the monthly sync-up call.

While there, add a SECURITY.md page linking to the relevant paragraph.

Differential Revision: https://reviews.llvm.org/D100873




More information about the All-commits mailing list