[llvm] Improve description of what is considered a security issue (PR #147035)

Peter Smith via llvm-commits llvm-commits at lists.llvm.org
Fri Jul 4 07:02:14 PDT 2025


================
@@ -217,31 +222,51 @@ security-sensitive). This requires a rationale, and buy-in from the LLVM
 community as for any RFC. In some cases, parts of the codebase could be handled
 as security-sensitive but need significant work to get to the stage where that's
 manageable. The LLVM community will need to decide whether it wants to invest in
-making these parts of the code securable, and maintain these security
-properties over time. In all cases the LLVM Security Response Group should be consulted,
+making these parts of the code securable, and maintain these security properties
+over time. In all cases the LLVM Security Response Group should be consulted,
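Review bot: In the added line "making these parts of the code securable, and maintain these security properties", the verb "maintain" can attach either to "invest in" or to "wants to", so the sentence does not say plainly whether maintaining the properties is part of the investment the community is deciding on. Since these two lines are being rewrapped anyway, consider "and in maintaining these security properties over time" so both parts stay parallel.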
----------------
smithp35 wrote:

Could be worth stating how best to consult the Security Response Group over possible changes. I can think of 2 likely ones given the information available in https://llvm.org/docs/Security.html#discussion-medium
* Join the Monthly public call.
* File a GitHub issue.

I'd expect that any changes to the security-sensitive area would need a discussion with the community via RFC. One way of communication could be just writing an RFC directly. I think I'd prefer that the Security Response Group would be consulted first and to write the RFC though. 

https://github.com/llvm/llvm-project/pull/147035

