From 373bf66b937eaca190e5972cb9fea9a2b4b1c70d Mon Sep 17 00:00:00 2001 From: f0rm2l1n Date: Wed, 27 Oct 2021 16:23:06 +0800 Subject: docs: update bug reporting instructions --- docs/linux/reporting_kernel_bugs.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs/linux') diff --git a/docs/linux/reporting_kernel_bugs.md b/docs/linux/reporting_kernel_bugs.md index 004cf7fd6..f1989fe9f 100644 --- a/docs/linux/reporting_kernel_bugs.md +++ b/docs/linux/reporting_kernel_bugs.md @@ -72,6 +72,7 @@ To report major security bugs (such as LPE, remote DOS, remote info leak or RCE) A few notes: * There should ideally be no delay between reports to `security@kernel.org` and `linux-distros@vs.openwall.org`. +* When working on the patch together with the `security@kernel.org` members and upstream maintainers, keep the linux-distros aware of the progress. * There should ideally be no delay between CVE description publication, distros' updates, upstream commit and notification to `oss-security@lists.openwall.com`. All of these should be on the same day, at worst. * The moment the issue is made public (e.g. patch is submitted upstream, CVE description published, etc.) it must be reported to `oss-security@lists.openwall.com` right away. -- cgit mrf-deployment