On Mon, Apr 29, 2024 at 09:18:29AM +0200, Thorsten Leemhuis wrote: > Document when to use of sta...@kernel.org instead of > sta...@vger.kernel.org, as the two are easily mixed up and their > difference not explained anywhere[1]. > > Link: https://lore.kernel.org/all/20240422231550.3cf5f...@sal.lan/ [1] > Signed-off-by: Thorsten Leemhuis <li...@leemhuis.info> > --- > Documentation/process/stable-kernel-rules.rst | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/Documentation/process/stable-kernel-rules.rst > b/Documentation/process/stable-kernel-rules.rst > index b4af627154f1d8..ebf4152659f2d0 100644 > --- a/Documentation/process/stable-kernel-rules.rst > +++ b/Documentation/process/stable-kernel-rules.rst > @@ -72,6 +72,10 @@ for stable trees, add this tag in the sign-off area:: > > Cc: sta...@vger.kernel.org > > +Use ``Cc: sta...@kernel.org`` instead when fixing unpublished > vulnerabilities: > +it reduces the chance of accidentally exposing the fix to the public by way > of > +'git send-email', as mails sent to that address are not delivered anywhere.
The "fun" part of just saying this is that then it is a huge "signal" to others that "hey, this might be a security fix!" when it lands in Linus's tree. But hey, we do what we can, I know my scripts always use this address just to put a bit more noise into that signal :) That being said, it's good to have this documented now, thanks for it: Reviewed-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>