Add SECURITY.md for tracing service [chromium/src : main]

3 views
Skip to first unread message

Eric Seckler (Gerrit)

unread,
Jun 26, 2026, 9:06:39 AM (7 days ago) Jun 26
to Etienne Pierre-Doray, Igor Kraskevich, chromium...@chromium.org, spang...@chromium.org, tracing...@chromium.org, wfh+...@chromium.org
Attention needed from Etienne Pierre-Doray and Igor Kraskevich

Eric Seckler added 1 comment

Patchset-level comments
File-level comment, Patchset 3 (Latest):
Eric Seckler . resolved

+Etienne and Igor for review

Open in Gerrit

Related details

Attention is currently required from:
  • Etienne Pierre-Doray
  • Igor Kraskevich
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I002fdb916fc0e8ed4d664ff0e016e3128fd21a66
Gerrit-Change-Number: 8011169
Gerrit-PatchSet: 3
Gerrit-Owner: Eric Seckler <esec...@chromium.org>
Gerrit-Reviewer: Etienne Pierre-Doray <etie...@chromium.org>
Gerrit-Reviewer: Igor Kraskevich <krask...@google.com>
Gerrit-Attention: Etienne Pierre-Doray <etie...@chromium.org>
Gerrit-Attention: Igor Kraskevich <krask...@google.com>
Gerrit-Comment-Date: Fri, 26 Jun 2026 13:06:21 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
satisfied_requirement
unsatisfied_requirement
open
diffy

Igor Kraskevich (Gerrit)

unread,
Jun 26, 2026, 9:46:56 AM (7 days ago) Jun 26
to Eric Seckler, Etienne Pierre-Doray, chromium...@chromium.org, spang...@chromium.org, tracing...@chromium.org, wfh+...@chromium.org
Attention needed from Eric Seckler and Etienne Pierre-Doray

Igor Kraskevich voted Code-Review+1

Code-Review+1
Open in Gerrit

Related details

Attention is currently required from:
  • Eric Seckler
  • Etienne Pierre-Doray
Submit Requirements:
    • requirement satisfiedCode-Coverage
    • requirement satisfiedCode-Owners
    • requirement satisfiedCode-Review
    • requirement satisfiedReview-Enforcement
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: I002fdb916fc0e8ed4d664ff0e016e3128fd21a66
    Gerrit-Change-Number: 8011169
    Gerrit-PatchSet: 3
    Gerrit-Owner: Eric Seckler <esec...@chromium.org>
    Gerrit-Reviewer: Etienne Pierre-Doray <etie...@chromium.org>
    Gerrit-Reviewer: Igor Kraskevich <krask...@google.com>
    Gerrit-Attention: Eric Seckler <esec...@chromium.org>
    Gerrit-Attention: Etienne Pierre-Doray <etie...@chromium.org>
    Gerrit-Comment-Date: Fri, 26 Jun 2026 13:46:35 +0000
    Gerrit-HasComments: No
    Gerrit-Has-Labels: Yes
    satisfied_requirement
    open
    diffy

    Etienne Pierre-Doray (Gerrit)

    unread,
    Jun 26, 2026, 10:51:08 AM (7 days ago) Jun 26
    to Eric Seckler, Igor Kraskevich, chromium...@chromium.org, spang...@chromium.org, tracing...@chromium.org, wfh+...@chromium.org
    Attention needed from Eric Seckler

    Etienne Pierre-Doray voted and added 1 comment

    Votes added by Etienne Pierre-Doray

    Code-Review+1

    1 comment

    Patchset-level comments
    File-level comment, Patchset 4 (Latest):
    Etienne Pierre-Doray . resolved

    LGTM

    Open in Gerrit

    Related details

    Attention is currently required from:
    • Eric Seckler
    Submit Requirements:
    • requirement satisfiedCode-Coverage
    • requirement satisfiedCode-Owners
    • requirement satisfiedCode-Review
    • requirement satisfiedReview-Enforcement
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: I002fdb916fc0e8ed4d664ff0e016e3128fd21a66
    Gerrit-Change-Number: 8011169
    Gerrit-PatchSet: 4
    Gerrit-Owner: Eric Seckler <esec...@chromium.org>
    Gerrit-Reviewer: Etienne Pierre-Doray <etie...@chromium.org>
    Gerrit-Reviewer: Igor Kraskevich <krask...@google.com>
    Gerrit-Attention: Eric Seckler <esec...@chromium.org>
    Gerrit-Comment-Date: Fri, 26 Jun 2026 14:50:59 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: Yes
    satisfied_requirement
    open
    diffy

    Eric Seckler (Gerrit)

    unread,
    Jun 26, 2026, 11:31:12 AM (7 days ago) Jun 26
    to Etienne Pierre-Doray, Igor Kraskevich, chromium...@chromium.org, spang...@chromium.org, tracing...@chromium.org, wfh+...@chromium.org

    Eric Seckler voted Commit-Queue+2

    Commit-Queue+2
    Open in Gerrit

    Related details

    Attention set is empty
    Submit Requirements:
    • requirement satisfiedCode-Coverage
    • requirement satisfiedCode-Owners
    • requirement satisfiedCode-Review
    • requirement satisfiedReview-Enforcement
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: I002fdb916fc0e8ed4d664ff0e016e3128fd21a66
    Gerrit-Change-Number: 8011169
    Gerrit-PatchSet: 4
    Gerrit-Owner: Eric Seckler <esec...@chromium.org>
    Gerrit-Reviewer: Eric Seckler <esec...@chromium.org>
    Gerrit-Reviewer: Etienne Pierre-Doray <etie...@chromium.org>
    Gerrit-Reviewer: Igor Kraskevich <krask...@google.com>
    Gerrit-Comment-Date: Fri, 26 Jun 2026 15:30:52 +0000
    Gerrit-HasComments: No
    Gerrit-Has-Labels: Yes
    satisfied_requirement
    open
    diffy

    Will Harris (Gerrit)

    unread,
    Jun 26, 2026, 11:34:39 AM (7 days ago) Jun 26
    to Eric Seckler, Will Harris, Chromium LUCI CQ, Etienne Pierre-Doray, Igor Kraskevich, chromium...@chromium.org, spang...@chromium.org, tracing...@chromium.org, wfh+...@chromium.org

    Will Harris added 1 comment

    Patchset-level comments
    Will Harris . resolved

    this is a great doc. ty for doing this.

    Open in Gerrit

    Related details

    Attention set is empty
    Submit Requirements:
    • requirement satisfiedCode-Coverage
    • requirement satisfiedCode-Owners
    • requirement satisfiedCode-Review
    • requirement satisfiedReview-Enforcement
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: I002fdb916fc0e8ed4d664ff0e016e3128fd21a66
    Gerrit-Change-Number: 8011169
    Gerrit-PatchSet: 4
    Gerrit-Owner: Eric Seckler <esec...@chromium.org>
    Gerrit-Reviewer: Eric Seckler <esec...@chromium.org>
    Gerrit-Reviewer: Etienne Pierre-Doray <etie...@chromium.org>
    Gerrit-Reviewer: Igor Kraskevich <krask...@google.com>
    Gerrit-CC: Will Harris <w...@chromium.org>
    Gerrit-Comment-Date: Fri, 26 Jun 2026 15:34:26 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No
    satisfied_requirement
    open
    diffy

    Chromium LUCI CQ (Gerrit)

    unread,
    Jun 26, 2026, 11:41:45 AM (7 days ago) Jun 26
    to Eric Seckler, Will Harris, Etienne Pierre-Doray, Igor Kraskevich, chromium...@chromium.org, spang...@chromium.org, tracing...@chromium.org, wfh+...@chromium.org

    Chromium LUCI CQ submitted the change

    Change information

    Commit message:
    Add SECURITY.md for tracing service

    Introduce a SECURITY.md file in //services/tracing to document the
    security model, trust boundaries, and known architectural risks of
    the Chromium Tracing Service.

    This helps agentic security analysis and developers understand:
    - The untrusted nature of tracing producers.
    - The best-effort sandboxing of the tracing utility process.
    - The inherent risk of trace data exfiltration.
    - The architectural risk of running TraceProcessor in-process for
    JSON conversion, and the future plan to deprecate it.

    TAG=agy
    CONV=28ea1b26-9eb4-4ea7-9ec4-a488bed9c254
    Bug: 40110077, 517445104, 501823268, 506130201
    Change-Id: I002fdb916fc0e8ed4d664ff0e016e3128fd21a66
    Reviewed-by: Igor Kraskevich <krask...@google.com>
    Reviewed-by: Etienne Pierre-Doray <etie...@chromium.org>
    Commit-Queue: Eric Seckler <esec...@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#1653184}
    Files:
    • A services/tracing/SECURITY.md
    Change size: M
    Delta: 1 file changed, 84 insertions(+), 0 deletions(-)
    Branch: refs/heads/main
    Submit Requirements:
    • requirement satisfiedCode-Review: +1 by Etienne Pierre-Doray, +1 by Igor Kraskevich
    Open in Gerrit
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: merged
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: I002fdb916fc0e8ed4d664ff0e016e3128fd21a66
    Gerrit-Change-Number: 8011169
    Gerrit-PatchSet: 5
    Gerrit-Owner: Eric Seckler <esec...@chromium.org>
    Gerrit-Reviewer: Chromium LUCI CQ <chromiu...@luci-project-accounts.iam.gserviceaccount.com>
    Gerrit-Reviewer: Eric Seckler <esec...@chromium.org>
    Gerrit-Reviewer: Etienne Pierre-Doray <etie...@chromium.org>
    Gerrit-Reviewer: Igor Kraskevich <krask...@google.com>
    open
    diffy
    satisfied_requirement
    Reply all
    Reply to author
    Forward
    0 new messages