On Fri, Apr 03, 2026 at 08:48:56AM -0700, Kees Cook wrote: > On Fri, Apr 03, 2026 at 08:20:17AM +0200, Willy Tarreau wrote: > > [...] > > +One difficulty for most first-time reporters is to figure the right list of > > +recipients to send a report to. In the Linux kernel, all official > > maintainers > > +are trusted, so the consequences of accidentally including the wrong > > maintainer > > +are essentially a bit more noise for that person, i.e. nothing dramatic. > > As > > Yeah, this is the central point: we already trust maintainers; there is > nothing "special" about [email protected].
Yep! > > [...] > > +single line suitable for use in the To: field of a mailer like this:: > > + > > + $ ./scripts/get_maintainer.pl --no-tree --no-l --no-r --no-n --m \ > > + --no-git-fallback --no-substatus --no-rolestats --no-multiline \ > > + --pattern-depth 1 drivers/example.c > > + [email protected], [email protected] > > To echo Greg, yeah, this is great, and has been an implicit action we've > done for years, so there's every reason to delegate it to the reporter > to avoid the round-trip. Thanks! > Though I guess we'll see if these new instructions actually change > anything -- we still have people asking for CVE assignments. :P I think it will move a little bit, because AI bots read this, so the annoying ones who used to send us reports they didn't read will make better ones. We've seen improvements already over the last two months, with more plain text and less copy-pasted markdown. But maybe the MD wasn't emitted in the first place. It's also true that the reports quality has improved and now the tools are used by some experienced people (but not just them yet). Anyway, we'll see. Now we have just a link to copy-paste in return, we'll see how it evolves. Cheers, Willy
