On Mon, 11 May 2026 at 20:10, Alex Bennée <[email protected]> wrote:
>
> Peter Maydell <[email protected]> writes:
>
> > On Mon, 11 May 2026 at 18:06, Alex Bennée <[email protected]> wrote:
> >>
> >> This was initially written by ECA based on its understanding of the
> >> code base. I then expanded it with links to the various documents and
> >> the general coding style.
> >>
> >> Signed-off-by: Alex Bennée <[email protected]>
> >
> >> +## Security Policy
> >> +You MUST NOT report potential security vulnerabilities in public trackers
> >> +(like GitLab issues). Refer to `docs/system/security.rst` for the
> >> project's
> >> +security stance. In brief:
> >> +- **Virtualization Use Case**: (with KVM/HVF and specific machine types)
> >> is
> >> + the focus of security support.
> >> +- **Non-virtualization Use Case**: (TCG) does not currently provide guest
> >> + isolation guarantees.
> >> +- **Reporting**: Report vulnerabilities privately to
> >> `[email protected]`.
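
Review bot: The **Reporting** bullet and the opening MUST NOT sentence are unconditional, while the two bullets above them limit security support to the virtualization use case (KVM/HVF with specific machine types). As written, the summary never says how to handle a bug that falls outside that scope, for example one that only affects TCG, which the text says provides no guest isolation guarantees. Suggest making the reporting instruction conditional on the bug being in the supported use case and stating where out-of-scope bugs should go, so that a reader following only this section does the scope check from `docs/system/security.rst` before choosing a private report.
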
> >
> > I feel like the important thing we want to point out to agents is
> > that not all "this crashes / asserts / overruns a buffer" bugs
> > are security issues. As it stands I feel like this text is
> > going to steer them pretty strongly towards throwing anything
> > and everything at qemu-security@, including bugs which we
> > don't consider security issues. What we want ideally is to
> > give instructions that will make the LLM itself do the
> > initial "is this covered by the security policy" triage.
>
> I think for that we should augment the triage skill itself.

I still think we have a few things we definitely want to communicate
to an LLM ("don't generate code for upstream", "these aren't
security issues") and those should go in the top level agents.MD
and go in sooner rather than later. All the other stuff about
skills I'm much less sure about and tend to feel we should
add them slowly as and when multiple people say they're useful.
So I'd rather see the two or three key messages go in AGENTS.md.

Also, even if you have a triage skill, if you say
"Report vulnerabilities privately to `[email protected]`"
and "You MUST NOT report potential security vulnerabilities in
public trackers" then you're really strongly steering everything
to that security email. We should get this text right, not
have it say the wrong thing and hope that the triage skill
overrides it.

thanks
-- PMM