[PATCH] D70326: [docs] LLVM Security Group and Process
JF Bastien via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Fri Jul 10 11:24:23 PDT 2020
jfb updated this revision to Diff 277107.
jfb marked 14 inline comments as done.
jfb added a comment.
Address more comments, add names.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D70326/new/
https://reviews.llvm.org/D70326
Files:
llvm/docs/Contributing.rst
llvm/docs/HowToSubmitABug.rst
llvm/docs/Security.rst
llvm/docs/index.rst
Index: llvm/docs/index.rst
===================================================================
--- llvm/docs/index.rst
+++ llvm/docs/index.rst
@@ -85,7 +85,7 @@
Reporting a security issue
-* :ref:`How to report a security issue?`
+* :ref:`report-security-issue`
Indices and tables
==================
Index: llvm/docs/Security.rst
===================================================================
--- llvm/docs/Security.rst
+++ llvm/docs/Security.rst
@@ -19,12 +19,26 @@
Group Composition
=================
-Initial group
--------------
-
-The initial security group will start small and grow following the process established below. The LLVM Board will pick 10 community members. These members shall represent a wide cross-section of the community, and meet the criteria for inclusion below.
-
-*FUTURE*: where we maintain a list of current Security Group members can be decided later.
+Security Group Members
+----------------------
+
+The members of the group represent a wide cross-section of the community, and meet the criteria for inclusion below.
+
+* Akila Srinivasan (Apple)
+* Dimitry Andric (invidual; FreeBSD)
+* Ed Maste (individual; FreeBSD)
+* JF Bastien (Apple)
+* Josh Eads (Sony)
+* Kristof Beyls (ARM)
+* Matthew Riley (Google)
+* Oliver Hunt (Apple)
+* Paul Robinson (Sony)
+* Peter Smith (ARM)
+* Philip Reames (Azul Systems Inc)
+* Pietro Albini (individual; Rust)
+* Serge Guelton (RedHat)
+* Shayne Hiet-Block (Microsoft)
+* Steve Klabnik (Oxide Computer Company; Rust)
Criteria
--------
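Review bot: The added Dimitry Andric entry reads "invidual; FreeBSD"; it should be "individual", matching the Ed Maste line directly below it. "RedHat" in the Serge Guelton entry is normally written "Red Hat". The removed *FUTURE* line was the only place that raised where the member list is maintained; now that the names live in Security.rst, a sentence saying this file is the list of record would close that question.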
@@ -182,7 +196,14 @@
The security-sensitive parts of the LLVM Project currently are:
* None (this process is new, the list hasn't been populated yet)
+* *FUTURE*: this section will be expanded.
+
+The parts of the LLVM Project which are currently treated as non-security sensitive are:
+
+* Language front-ends, such as clang, for which a malicious input file can cause undesirable behavior. For example, a maliciously-crafter C or Rust source file can cause arbitrary code to execute in LLVM. These parts of LLVM haven't been hardened, and compiling untrusted code usually also includes running utilities such as `make` which can more readily perform malicious things.
+* *FUTURE*: this section will be expanded.
+.. _report-security-issue:
How to report a security issue?
===============================
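Review bot: In the added front-ends bullet, "maliciously-crafter" should be "maliciously crafted", and `make` is wrapped in single backticks, which reStructuredText treats as interpreted text rather than an inline literal; double backticks are needed. The unchanged "* None (this process is new, the list hasn't been populated yet)" bullet now sits directly above the new "*FUTURE*: this section will be expanded." bullet and says much the same thing, so one of the two could be dropped.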
Index: llvm/docs/HowToSubmitABug.rst
===================================================================
--- llvm/docs/HowToSubmitABug.rst
+++ llvm/docs/HowToSubmitABug.rst
@@ -10,7 +10,7 @@
about it. This document describes what you can do to increase the odds of
getting it fixed quickly.
-If you believe that the bug is security related, please follow :ref:`How to report a security issue?`.
+🔒 If you believe that the bug is security related, please follow :ref:`report-security-issue`. 🔒
Basically you have to do two things at a minimum. First, decide whether
the bug `crashes the compiler`_ (or an LLVM pass), or if the
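Review bot: The added line wraps the sentence in 🔒 emoji to draw attention, which depends on font and builder support and may not survive non-HTML output. A reStructuredText admonition such as ".. important::" or ".. warning::" around the same sentence would give the emphasis in every output format and keep the source ASCII.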
Index: llvm/docs/Contributing.rst
===================================================================
--- llvm/docs/Contributing.rst
+++ llvm/docs/Contributing.rst
@@ -40,7 +40,7 @@
Reporting a Security Issue
--------------------------
-There is a separate process to submit security-related bugs, see :ref:`How to report a security issue?`.
+There is a separate process to submit security-related bugs, see :ref:`report-security-issue`.
Bigger Pieces of Work
---------------------
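Review bot: With the bare label form in the added line, the link text becomes the target section title, "How to report a security issue?", so the rendered sentence ends in "?." here. Giving the reference an explicit title, for example :ref:`how to report a security issue <report-security-issue>`, keeps the sentence readable and stops the link text changing if the heading in Security.rst is reworded.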
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D70326.277107.patch
Type: text/x-patch
Size: 3481 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20200710/109fa83c/attachment.bin>