[llvm] docs: Add an incident response guide (PR #133567)
Vlad Serebrennikov via llvm-commits
llvm-commits at lists.llvm.org
Sat Mar 29 11:06:22 PDT 2025
================
@@ -0,0 +1,87 @@
+============================
+LLVM Incident Response Guide
+============================
+
+Purpose
+=======
+
+The purpose of this document is to outline how a project administrator should respond to
+malicious or unwanted content that appears on LLVM infrastructure. This includes but
+is not limited to: malicious code checked into the GitHub repository, unauthorized access
+to LLVM controlled servers, or compromise of community owned resources like buildbots
+or GitHub Actions runners.
+
+General Principles
+==================
+
+We trust our project administrators to use good judgement when responding to an incident,
+so we want to avoid creating regulations or rules that will slow down or limit their ability to
+quickly resolve it. However, we do want to provide some general guidelines for admins
+to follow during an incident, mainly to ensure that the problem and the steps taken to
+resolve it are being communicated effectively. Here is a checklist admins should follow
+when addressing an issue:
+
+1. Communicate the problem to another admin.
+2. Decide on a short term solution to minimize the impact.
+3. Communicate the solution to another admin.
+4. Take action and implement the solution.
+5. Notify the community of what was done.
+6. Meet with one or more admins to discuss long-term solution.
+7. Implement long-term solution.
+8. Publish a retrospective for the community.
+
+1. Communicate the problem to another admin
+-------------------------------------------
+
+It's important to let someone else know what is going on. It can be an email,
+slack, or Discord message, and you don't have to wait for a response before
+taking action.
+
+2. Decide on a short term solution to minimize the impact
+---------------------------------------------------------
+
+For a short-term solution the goal should be to protect the community or users from
+being impacted by the incident. An example of a short-term action would be to
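Review bot: the General Principles checklist goes from "Decide on a short term solution to minimize the impact" straight to "Take action and implement the solution" with no step to preserve evidence before the fix destroys it, yet step 8 ("Publish a retrospective") depends on that evidence; consider inserting a step between 3 and 4 along the lines of `Preserve evidence (logs, the offending commit or artifact, affected runner state) before remediating.` Two smaller points: "slack" in the "Communicate the problem" section should be capitalized "Slack", and "short term" (checklist item 2 and its heading) should be hyphenated "short-term" to match "long-term" in items 6 and 7 and "short-term" in the body text.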
----------------
Endilll wrote:
```suggestion
being impacted by the incident. An example of a short-term action would be to
```
https://github.com/llvm/llvm-project/pull/133567