Documentation/security-bugs: Explain why plain text is preferred
The security contact list gets regular reports contained in archive attachments. This tends to add some back-and-forth delay in dealing with security reports since we have to ask for plain text, etc. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: Jiri Kosina <jkosina@suse.cz> Acked-by: Gustavo A. R. Silva <gustavoars@kernel.org> Acked-by: Will Deacon <will@kernel.org> Acked-by: Willy Tarreau <w@1wt.eu> Link: https://lore.kernel.org/r/202007091110.205DC6A9@keescook Signed-off-by: Jonathan Corbet <corbet@lwn.net>
This commit is contained in:
parent
0288199e1f
commit
dbf35499fb
|
@ -21,11 +21,18 @@ understand and fix the security vulnerability.
|
|||
|
||||
As it is with any bug, the more information provided the easier it
|
||||
will be to diagnose and fix. Please review the procedure outlined in
|
||||
admin-guide/reporting-bugs.rst if you are unclear about what
|
||||
:doc:`reporting-bugs` if you are unclear about what
|
||||
information is helpful. Any exploit code is very helpful and will not
|
||||
be released without consent from the reporter unless it has already been
|
||||
made public.
|
||||
|
||||
Please send plain text emails without attachments where possible.
|
||||
It is much harder to have a context-quoted discussion about a complex
|
||||
issue if all the details are hidden away in attachments. Think of it like a
|
||||
:doc:`regular patch submission <../process/submitting-patches>`
|
||||
(even if you don't have a patch yet): describe the problem and impact, list
|
||||
reproduction steps, and follow it with a proposed fix, all in plain text.
|
||||
|
||||
Disclosure and embargoed information
|
||||
------------------------------------
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user