[llvm] docs: Add an incident response guide (PR #133567)

Vlad Serebrennikov via llvm-commits llvm-commits at lists.llvm.org
Sat Mar 29 11:06:21 PDT 2025


================
@@ -0,0 +1,87 @@
+============================
+LLVM Incident Response Guide
+============================
+
+Purpose
+=======
+
+The purpose of this document is to outline how a project administrator should respond to
+malicious or unwanted content that appears on LLVM infrastructure.  This includes but
+is not limited to: malicious code checked into the GitHub repository,  unauthorized access
+to LLVM controlled servers, or compromise of community owned resources like buildbots
+or GitHub Actions runners.
+
+General Principles
+==================
+
+We trust our project administrators to use good judgement when responding to an incident,
+so we want to avoid creating regulations or rules that will slow down or limit their ability to
+quickly resolve it.  However, we do want to provide some general guidelines for admins
+to follow during an incident, mainly to ensure that the problem and the steps taken to
+resolve it are being communicated effectively.  Here is a checklist admins should follow
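Review bot: In the Purpose paragraph, "project administrator" is used without saying who holds that role, and the lines quoted here give a reader no way to tell whom the guide addresses or whom to contact about an incident. A one-sentence definition, or a cross-reference to wherever the role is documented, would close that gap. In the same paragraph, "LLVM controlled servers" and "community owned resources" should be hyphenated ("LLVM-controlled", "community-owned"), and there is a stray double space in "GitHub repository,  unauthorized access".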
----------------
Endilll wrote:

```suggestion
resolve it are being communicated effectively. Here is a checklist admins should follow
```

https://github.com/llvm/llvm-project/pull/133567

