On Fri, Apr 03, 2026 at 08:20:15AM +0200, Willy Tarreau wrote: > Hi Greg, > > I'm sending you the doc clarifications we discussed for the process of > reporting security issues. It's cut into the 3 patches I shared this > morning on the security list (plus two typos fixed and a paragraph > asking for one single issue per report): > > - one patch that reminds our need for a valid e-mail address > - one that explains to reporters how to proceed to find maintainers > addresses, hoping we won't have to do it for 90% of reports anymore > - one that enumerates basic requirements for every report > > I think it covers the difficulties we've faced this week. As always, > we might possibly find tiny adjustments to add, but my goal would be > for such updates to be merged in time to update the public page ASAP > so that we can redirect incomplete reports in an attempt to lower the > team's current load.
Looks great, thanks. I've applied these to one of my trees and will get them to Linus in time for 7.0-final. greg k-h
