Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy

2018-04-22 Thread Linus Torvalds
On Sun, Apr 22, 2018 at 3:00 AM, Pavel Machek wrote: > > On Fri 2018-03-09 13:15:31, Linus Torvalds wrote: >> >> Oh, I don't want to be taken seriously by people who use gpg >> encrypted email. > > Heh. I see that gpg has some usability problems, but we do encrypt our > http

Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy

2018-04-22 Thread Linus Torvalds
On Sun, Apr 22, 2018 at 3:00 AM, Pavel Machek wrote: > > On Fri 2018-03-09 13:15:31, Linus Torvalds wrote: >> >> Oh, I don't want to be taken seriously by people who use gpg >> encrypted email. > > Heh. I see that gpg has some usability problems, but we do encrypt our > http connections, and

Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy

2018-04-22 Thread Pavel Machek
Hi! On Fri 2018-03-09 13:15:31, Linus Torvalds wrote: > On Fri, Mar 9, 2018 at 12:45 PM, Alan Cox wrote: > > > > If you want to be taken seriously then I think minimum you also need to > > - Give a GPG key for messages to the list > > Oh, I don't want to be taken

Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy

2018-04-22 Thread Pavel Machek
Hi! On Fri 2018-03-09 13:15:31, Linus Torvalds wrote: > On Fri, Mar 9, 2018 at 12:45 PM, Alan Cox wrote: > > > > If you want to be taken seriously then I think minimum you also need to > > - Give a GPG key for messages to the list > > Oh, I don't want to be taken seriously by people who use gpg

Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy

2018-03-09 Thread Linus Torvalds
On Fri, Mar 9, 2018 at 12:45 PM, Alan Cox wrote: > > If you want to be taken seriously then I think minimum you also need to > - Give a GPG key for messages to the list Oh, I don't want to be taken seriously by people who use gpg encrypted email. It's garbage and

Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy

2018-03-09 Thread Linus Torvalds
On Fri, Mar 9, 2018 at 12:45 PM, Alan Cox wrote: > > If you want to be taken seriously then I think minimum you also need to > - Give a GPG key for messages to the list Oh, I don't want to be taken seriously by people who use gpg encrypted email. It's garbage and should be shunned as such. I

Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy

2018-03-09 Thread Alan Cox
On Wed, 07 Mar 2018 13:46:24 -0800 Dave Hansen wrote: > From: Dave Hansen > > I think we need to soften the language a bit. It might scare folks > off, especially the: > >We prefer to fully disclose the bug as soon as

Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy

2018-03-09 Thread Alan Cox
On Wed, 07 Mar 2018 13:46:24 -0800 Dave Hansen wrote: > From: Dave Hansen > > I think we need to soften the language a bit. It might scare folks > off, especially the: > >We prefer to fully disclose the bug as soon as possible. > > which is not really the case. Linus says: > >

Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy

2018-03-08 Thread Jonathan Corbet
On Wed, 7 Mar 2018 13:53:06 -0800 Linus Torvalds wrote: > I'm guessing this will go through Jon? Sounds like a fine guess to me; will apply shortly. Thanks, jon

Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy

2018-03-08 Thread Jonathan Corbet
On Wed, 7 Mar 2018 13:53:06 -0800 Linus Torvalds wrote: > I'm guessing this will go through Jon? Sounds like a fine guess to me; will apply shortly. Thanks, jon

Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy

2018-03-08 Thread Greg KH
On Wed, Mar 07, 2018 at 01:46:24PM -0800, Dave Hansen wrote: > > From: Dave Hansen > > I think we need to soften the language a bit. It might scare folks > off, especially the: > >We prefer to fully disclose the bug as soon as possible. > > which is not

Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy

2018-03-08 Thread Greg KH
On Wed, Mar 07, 2018 at 01:46:24PM -0800, Dave Hansen wrote: > > From: Dave Hansen > > I think we need to soften the language a bit. It might scare folks > off, especially the: > >We prefer to fully disclose the bug as soon as possible. > > which is not really the case. Linus says:

Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy

2018-03-07 Thread Kees Cook
On Wed, Mar 7, 2018 at 1:46 PM, Dave Hansen wrote: > > From: Dave Hansen > > I think we need to soften the language a bit. It might scare folks > off, especially the: > > We prefer to fully disclose the bug as soon as possible.

Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy

2018-03-07 Thread Kees Cook
On Wed, Mar 7, 2018 at 1:46 PM, Dave Hansen wrote: > > From: Dave Hansen > > I think we need to soften the language a bit. It might scare folks > off, especially the: > > We prefer to fully disclose the bug as soon as possible. > > which is not really the case. Linus says: > >

Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy

2018-03-07 Thread Linus Torvalds
That patch looks fine to me, avoiding any terms that might be misunderstood, and being pretty straightforward. I'm guessing this will go through Jon? Linus

Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy

2018-03-07 Thread Linus Torvalds
That patch looks fine to me, avoiding any terms that might be misunderstood, and being pretty straightforward. I'm guessing this will go through Jon? Linus

[PATCH] [v2] docs: clarify security-bugs disclosure policy

2018-03-07 Thread Dave Hansen
From: Dave Hansen I think we need to soften the language a bit. It might scare folks off, especially the: We prefer to fully disclose the bug as soon as possible. which is not really the case. Linus says: It's not full disclosure, it's not

[PATCH] [v2] docs: clarify security-bugs disclosure policy

2018-03-07 Thread Dave Hansen
From: Dave Hansen I think we need to soften the language a bit. It might scare folks off, especially the: We prefer to fully disclose the bug as soon as possible. which is not really the case. Linus says: It's not full disclosure, it's not coordinated disclosure,