Proper procedure for reporting possible security vulnerabilities? - linux.kernel

Message from discussion Proper procedure for reporting possible security vulnerabilities?

Steve Bergman

View profile

More options Jan 10 2005, 11:50 am

Newsgroups: linux.kernel

From: Steve Bergman <st...@rueb.com>

Date: Mon, 10 Jan 2005 17:50:17 +0100

Local: Mon, Jan 10 2005 11:50 am

Subject: Proper procedure for reporting possible security vulnerabilities?

  Reply to author
  |
  Forward
  | Print
  | View thread
  | Show original
  | Report this message
  | Find messages by this author
  

There seems to be some confusion in certain quarters as to the proper
procedure for reporting possible kernel security issues.
REPORTING-BUGS says send bug reports to the maintainer of that area of
the kernel. However, what about areas for which a maintainer is not
listed? (e.g. VM) It seems that some take that to mean send it
directly to Linus and if you don't hear something back quickly, release
an exploit to the wild.

So what is the preferred procedure and is it documented somewhere?
Should it be made more prominent?

Thanks for any information,
Steve Bergman
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Reply to author Forward