[llvm] Improve description of what is considered a security issue (PR #147035)
Kristof Beyls via llvm-commits
llvm-commits at lists.llvm.org
Mon Jul 7 07:50:51 PDT 2025
================
@@ -217,31 +222,51 @@ security-sensitive). This requires a rationale, and buy-in from the LLVM
community as for any RFC. In some cases, parts of the codebase could be handled
as security-sensitive but need significant work to get to the stage where that's
manageable. The LLVM community will need to decide whether it wants to invest in
-making these parts of the code securable, and maintain these security
-properties over time. In all cases the LLVM Security Response Group should be consulted,
+making these parts of the code securable, and maintain these security properties
+over time. In all cases the LLVM Security Response Group should be consulted,
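Review bot: The last line of this hunk says the LLVM Security Response Group "should be consulted" in all cases, but the visible part of the sentence names neither how to reach the group nor whether consultation comes before or alongside the RFC mentioned in the first context line. The change here is only a re-wrap of the paragraph, so this would be a good place to link "should be consulted" to the section describing how to contact the group and to state the expected ordering relative to the RFC.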
----------------
kbeyls wrote:
That does make sense. For now, I just ended up adding a link from "should be consulted" to the https://llvm.org/docs/Security.html#discussion-medium section.
Agreed, I also expect most changes requiring an RFC.
I'm personally OK with not requiring the security response group to be consulted first, but if more people think it's best to explicitly recommend to first consult with the security response group, I can add that.
https://github.com/llvm/llvm-project/pull/147035