[all-commits] [llvm/llvm-project] c9dbaa: [docs] Describe reporting security issues on the c...
Ahmed Bougacha via All-commits
all-commits at lists.llvm.org
Wed May 19 15:22:47 PDT 2021
Branch: refs/heads/main
Home: https://github.com/llvm/llvm-project
Commit: c9dbaa4c86d29f891e2c30af787dfb74b9e83ed9
https://github.com/llvm/llvm-project/commit/c9dbaa4c86d29f891e2c30af787dfb74b9e83ed9
Author: Ahmed Bougacha <ahmed at bougacha.org>
Date: 2021-05-19 (Wed, 19 May 2021)
Changed paths:
A SECURITY.md
M llvm/docs/GettingInvolved.rst
M llvm/docs/Security.rst
Log Message:
-----------
[docs] Describe reporting security issues on the chromium tracker.
To track security issues, we're starting with the chromium bug tracker
(using the llvm project there).
We considered using Github Security Advisories. However, they are
currently intended as a way for project owners to publicize their
security advisories, and aren't well-suited to reporting issues.
This also moves the issue-reporting paragraph to the beginning of the
document, in part to make it more discoverable, in part to allow the
anchor-linking to actually display the paragraph at the top of the page.
Note that this doesn't update the concrete list of security-sensitive
areas, which is still an open item. When we do, we may want to move the
list of security-sensitive areas next to the issue-reporting paragraph
as well, as it seems like relevant information needed in the reporting
process.
Finally, when describing the discission medium, this splits the topics
discussed into two: the concrete security issues, discussed in the
issue tracker, and the logistics of the group, in our mailing list,
as patches on public lists, and in the monthly sync-up call.
While there, add a SECURITY.md page linking to the relevant paragraph.
Differential Revision: https://reviews.llvm.org/D100873
More information about the All-commits
mailing list