[all-commits] [llvm/llvm-project] 0e324b: [DOCS] Remove bullet point on improving security o...

Peter Smith via All-commits all-commits at lists.llvm.org
Wed Dec 18 00:41:42 PST 2024


  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 0e324b3f953d62527690b1cb44d95fcb3ec0512c
      https://github.com/llvm/llvm-project/commit/0e324b3f953d62527690b1cb44d95fcb3ec0512c
  Author: Peter Smith <peter.smith at arm.com>
  Date:   2024-12-18 (Wed, 18 Dec 2024)

  Changed paths:
    M llvm/docs/Security.rst

  Log Message:
  -----------
  [DOCS] Remove bullet point on improving security over time. (#116980)

Remove the 6th bullet point "Strive to improve security over time, for
example by adding additional testing, fuzzing and hardening after fixing
issues."

At the security group meeting on 2024-11-19 we discussed the role the
security group was performing in practice. We are in effect acting as a
security response group, dealing with issues raised via the process
given in the LLVM Security group page. We are not proactively adding
additional testing fuzzing and hardening. While this could be considered
an aspirational goal, it may give the implication that the LLVM Security
Group is handling or at worst guaranteeing security for the LLVM project
when in practice it is not.

Meeting notes:

https://discourse.llvm.org/t/llvm-security-group-public-sync-ups/62735/32



To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications


More information about the All-commits mailing list