On Mon, May 11, 2026 at 07:28:57PM +0200, Greg KH wrote: > On Sat, May 09, 2026 at 11:47:54AM +0200, Willy Tarreau wrote: > > The use of automated tools to find bugs in random locations of the kernel > > induces a raise of security reports even if most of them should just be > > reported as regular bugs. This patch is an attempt at drawing a line > > between what qualifies as a security bug and what does not, hoping to > > improve the situation and ease decision on the reporter's side. > > > > It defers the enumeration to a new file, threat-model.rst, that tries > > to enumerate various classes of issues that are and are not security > > bugs. This should permit to more easily update this file for various > > subsystem-specific rules without having to revisit the security bug > > reporting guide. > > > > Cc: Greg KH <[email protected]> > > Cc: Leon Romanovsky <[email protected]> > > Suggested-by: Leon Romanovsky <[email protected]> > > Suggested-by: Greg KH <[email protected]> > > Reviewed-by: Leon Romanovsky <[email protected]> > > Reviewed-by: Shuah Khan <[email protected]> > > Signed-off-by: Willy Tarreau <[email protected]> > > --- > > Documentation/process/index.rst | 1 + > > Documentation/process/security-bugs.rst | 38 +++- > > Documentation/process/threat-model.rst | 236 ++++++++++++++++++++++++ > > 3 files changed, 274 insertions(+), 1 deletion(-) > > create mode 100644 Documentation/process/threat-model.rst > > Looks great, thank you! > > Reviewed-by: Greg Kroah-Hartman <[email protected]> > > Want me to take it through one of my trees now to get it to Linus this > week, or should it go through the documentation tree? Either is fine > with me.
Yes, please take it as usual, it's simpler for me and it will likely allow it to be published ealier, which ultimately should help us faster ;-) Thanks! Willy
