[PATCH] D70326: [docs] LLVM Security Group and Process
JF Bastien via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Tue Jan 7 21:38:28 PST 2020
jfb added a comment.
In D70326#1750434 <https://reviews.llvm.org/D70326#1750434>, @efriedma wrote:
> We should explicitly state that patches to LLVM sent to the group are subject to the standard LLVM developer policy/license. This is important so members of the security group can use any patches.
>
> We should prominently state that all messages and attachments will be publicly disclosed after any embargo expires. This is important so issue reporters don't send code under NDAs/etc.

I'm not aware of projects pointing out their contribution policy in a different manner for security patches. Certainly we want the contributor policy to be prominent, for example if we use GitHub we can add a `CONTRIBUTING.md` file to do this. I'm just not sure I understand how it should be different for the purpose of security issues.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D70326/new/
https://reviews.llvm.org/D70326