[PATCH] D89068: Add expected response time and escalation path to the security docs

Kristof Beyls via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Tue Oct 13 01:57:37 PDT 2020 

This revision was automatically updated to reflect the committed changes.
Closed by commit rG05ef552e5660: Add expected response time and escalation path to the security docs (authored by pietroalbini, committed by kristof.beyls).

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D89068/new/

https://reviews.llvm.org/D89068

Files:
  llvm/docs/Security.rst


Index: llvm/docs/Security.rst
===================================================================
--- llvm/docs/Security.rst
+++ llvm/docs/Security.rst
@@ -207,13 +207,14 @@
 How to report a security issue?
 ===============================
 
-*FUTURE*: this section will be expanded once we’ve figured out other details above.
+*FUTURE*: this section will be expanded once we’ve figured out other details above. In the meantime, if you found a security issue please follow directly the escalation instructions below.
 
 Not everyone who wants to report a security issue will be familiar with LLVM, its community, and processes. Therefore, this needs to be easy to find on the LLVM website, and set clear expectations to issue reporters.
 
-
+We aim to acknowledge your report within two business days since you first reach out. If you do not receive any response by then, you can escalate by sending a message to the `llvm-dev mailing list`_ asking to get in touch with someone from the LLVM Security Group. **The escalation mailing list is public**: avoid discussing or mentioning the specific issue when posting on it.
 
 .. _CVE process: https://cve.mitre.org
 .. _chromium issue tracker: https://crbug.com
 .. _GitHub security: https://help.github.com/en/articles/about-maintainer-security-advisories
+.. _llvm-dev mailing list: https://lists.llvm.org/mailman/listinfo/llvm-dev
 .. _MITRE: https://cve.mitre.org


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D89068.297789.patch
Type: text/x-patch
Size: 1420 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20201013/8a0f34e5/attachment.bin>

More information about the llvm-commits mailing list