diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-11-22 19:43:06 +0300 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-11-22 19:43:06 +0300 |
| commit | 52465bce85a2d28bcec5cba5a645bb610367ab1b (patch) | |
| tree | 90d8c46136af41d90f3dceae2a01f1f70e158855 /Documentation/admin-guide | |
| parent | 4cd731953d620b7e4e999a90d13db58b88c5e95b (diff) | |
| parent | 544b03da39e2d7b4961d3163976ed4bfb1fac509 (diff) | |
| download | linux-52465bce85a2d28bcec5cba5a645bb610367ab1b.tar.xz | |
Merge tag 'char-misc-4.20-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
Pull char/misc driver fixes from Greg KH:
"Here are some small char/misc driver fixes for issues that have been
reported.
Nothing major, highlights include:
- gnss sync write fixes
- uio oops fix
- nvmem fixes
- other minor fixes and some documentation/maintainers updates
Full details are in the shortlog.
All of these have been in linux-next for a while with no reported
issues"
* tag 'char-misc-4.20-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
Documentation/security-bugs: Postpone fix publication in exceptional cases
MAINTAINERS: Add Sasha as a stable branch maintainer
gnss: sirf: fix synchronous write timeout
gnss: serial: fix synchronous write timeout
uio: Fix an Oops on load
test_firmware: fix error return getting clobbered
nvmem: core: fix regression in of_nvmem_cell_get()
misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data
drivers/misc/sgi-gru: fix Spectre v1 vulnerability
Drivers: hv: kvp: Fix the recent regression caused by incorrect clean-up
slimbus: ngd: remove unnecessary check
Diffstat (limited to 'Documentation/admin-guide')
| -rw-r--r-- | Documentation/admin-guide/security-bugs.rst | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/Documentation/admin-guide/security-bugs.rst b/Documentation/admin-guide/security-bugs.rst index 164bf71149fd..30187d49dc2c 100644 --- a/Documentation/admin-guide/security-bugs.rst +++ b/Documentation/admin-guide/security-bugs.rst @@ -32,16 +32,17 @@ Disclosure and embargoed information The security list is not a disclosure channel. For that, see Coordination below. -Once a robust fix has been developed, our preference is to release the -fix in a timely fashion, treating it no differently than any of the other -thousands of changes and fixes the Linux kernel project releases every -month. - -However, at the request of the reporter, we will postpone releasing the -fix for up to 5 business days after the date of the report or after the -embargo has lifted; whichever comes first. The only exception to that -rule is if the bug is publicly known, in which case the preference is to -release the fix as soon as it's available. +Once a robust fix has been developed, the release process starts. Fixes +for publicly known bugs are released immediately. + +Although our preference is to release fixes for publicly undisclosed bugs +as soon as they become available, this may be postponed at the request of +the reporter or an affected party for up to 7 calendar days from the start +of the release process, with an exceptional extension to 14 calendar days +if it is agreed that the criticality of the bug requires more time. The +only valid reason for deferring the publication of a fix is to accommodate +the logistics of QA and large scale rollouts which require release +coordination. Whilst embargoed information may be shared with trusted individuals in order to develop a fix, such information will not be published alongside |