From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by dpdk.org (Postfix) with ESMTP id 75867A3; Wed, 8 May 2019 00:39:00 +0200 (CEST) Received: by mail-wm1-f67.google.com with SMTP id f2so596221wmj.3; Tue, 07 May 2019 15:39:00 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:subject:from:to:cc:date:in-reply-to :references:content-transfer-encoding:user-agent:mime-version; bh=UiBeFzq6YATHbUP2Sva04WEzJaU9HgrwJpUS9Ez/lIs=; b=MKT4xnjAmWvRDl4QoDjskRW7AXHRPogXrnICZwogwtxY/GzPdeMv2KF4thiWtSXcvm WGlEH5Yny2MAKTeYWVqcfzRELNNhUgDFIJ02FVIIsKvnzz01qwdxuTNDP8dAdIjZAzQb 8/1QBT8fsWPtrFl8iIngmMSi49k+FjeOpF8f0dDFLOLVPaWIHXO6WpxNNN0xASBlYk1P i7a3Fu+ccFqOkEDoPP5BIQPWgTmMaOwhAfL/jU0ZoCR8QICkph7pd/PWjAyZFyFTVEnw yg2UJNAYfjXHRlB85TE18QODwSjSoCP5a01LtxfTYSQsNcvvRN3JNSg52JHYvwgIzLY7 G5AA== X-Gm-Message-State: APjAAAVIHTCTzKigEFKY6c7PxBTjBJHjP6szYfjmzj8SW8+L3vAOYDty nDiLNFgcSeuRAvFiyX7fV14= X-Google-Smtp-Source: APXvYqxJntzBXjTEw+0gVqIS2myhSeZB3YCUwjE5+LSI2jGr4oakRRv1Iv/2wWefxPOUZ5Exv/emgw== X-Received: by 2002:a05:600c:24ca:: with SMTP id 10mr519716wmu.45.1557268739926; Tue, 07 May 2019 15:38:59 -0700 (PDT) Received: from localhost ([88.98.246.218]) by smtp.gmail.com with ESMTPSA id g10sm13172256wrq.2.2019.05.07.15.38.58 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 07 May 2019 15:38:58 -0700 (PDT) Message-ID: <03d2500c1c55d1cd9c87eaf3f15ab1c9125251b3.camel@debian.org> From: Luca Boccassi To: Thomas Monjalon , dev@dpdk.org Cc: techboard@dpdk.org, Maxime Coquelin , Ferruh Yigit Date: Tue, 07 May 2019 23:38:57 +0100 In-Reply-To: <20190507160231.18551-1-thomas@monjalon.net> References: <20190507160231.18551-1-thomas@monjalon.net> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.30.5-1 MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH] doc: prepare security process for vulnerabilities X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 May 2019 22:39:00 -0000 On Tue, 2019-05-07 at 18:02 +0200, Thomas Monjalon wrote: > In case a vulnerability is discovered, the process to follow > is described in this document. > It has been inspired by the process of some referenced projects > and with the help of experts from Intel, RedHat, Mellanox > and the Linux Foundation. >=20 > Signed-off-by: Thomas Monjalon < > thomas@monjalon.net > > > Signed-off-by: Maxime Coquelin < > maxime.coquelin@redhat.com > > > Signed-off-by: Ferruh Yigit < > ferruh.yigit@intel.com > > > --- > doc/guides/contributing/index.rst | 1 + > doc/guides/contributing/vulnerability.rst | 316 > ++++++++++++++++++++++ > 2 files changed, 317 insertions(+) > create mode 100644 doc/guides/contributing/vulnerability.rst I think at least the fingerprint of the GPG key to encrypt to, if a link to the whole public key given the page is served over https, should be on the page. Other than that, good stuff! Acked-by: Luca Boccassi --=20 Kind regards, Luca Boccassi From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by dpdk.space (Postfix) with ESMTP id 884E7A0096 for ; Wed, 8 May 2019 00:39:02 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 5AA002082; Wed, 8 May 2019 00:39:01 +0200 (CEST) Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by dpdk.org (Postfix) with ESMTP id 75867A3; Wed, 8 May 2019 00:39:00 +0200 (CEST) Received: by mail-wm1-f67.google.com with SMTP id f2so596221wmj.3; Tue, 07 May 2019 15:39:00 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:subject:from:to:cc:date:in-reply-to :references:content-transfer-encoding:user-agent:mime-version; bh=UiBeFzq6YATHbUP2Sva04WEzJaU9HgrwJpUS9Ez/lIs=; b=MKT4xnjAmWvRDl4QoDjskRW7AXHRPogXrnICZwogwtxY/GzPdeMv2KF4thiWtSXcvm WGlEH5Yny2MAKTeYWVqcfzRELNNhUgDFIJ02FVIIsKvnzz01qwdxuTNDP8dAdIjZAzQb 8/1QBT8fsWPtrFl8iIngmMSi49k+FjeOpF8f0dDFLOLVPaWIHXO6WpxNNN0xASBlYk1P i7a3Fu+ccFqOkEDoPP5BIQPWgTmMaOwhAfL/jU0ZoCR8QICkph7pd/PWjAyZFyFTVEnw yg2UJNAYfjXHRlB85TE18QODwSjSoCP5a01LtxfTYSQsNcvvRN3JNSg52JHYvwgIzLY7 G5AA== X-Gm-Message-State: APjAAAVIHTCTzKigEFKY6c7PxBTjBJHjP6szYfjmzj8SW8+L3vAOYDty nDiLNFgcSeuRAvFiyX7fV14= X-Google-Smtp-Source: APXvYqxJntzBXjTEw+0gVqIS2myhSeZB3YCUwjE5+LSI2jGr4oakRRv1Iv/2wWefxPOUZ5Exv/emgw== X-Received: by 2002:a05:600c:24ca:: with SMTP id 10mr519716wmu.45.1557268739926; Tue, 07 May 2019 15:38:59 -0700 (PDT) Received: from localhost ([88.98.246.218]) by smtp.gmail.com with ESMTPSA id g10sm13172256wrq.2.2019.05.07.15.38.58 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 07 May 2019 15:38:58 -0700 (PDT) Message-ID: <03d2500c1c55d1cd9c87eaf3f15ab1c9125251b3.camel@debian.org> From: Luca Boccassi To: Thomas Monjalon , dev@dpdk.org Cc: techboard@dpdk.org, Maxime Coquelin , Ferruh Yigit Date: Tue, 07 May 2019 23:38:57 +0100 In-Reply-To: <20190507160231.18551-1-thomas@monjalon.net> References: <20190507160231.18551-1-thomas@monjalon.net> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.30.5-1 MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH] doc: prepare security process for vulnerabilities X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Message-ID: <20190507223857.mHnnO9IE9J5_ImWLmHbZ115BlUfo0Rimk-bbIO0v-3k@z> On Tue, 2019-05-07 at 18:02 +0200, Thomas Monjalon wrote: > In case a vulnerability is discovered, the process to follow > is described in this document. > It has been inspired by the process of some referenced projects > and with the help of experts from Intel, RedHat, Mellanox > and the Linux Foundation. >=20 > Signed-off-by: Thomas Monjalon < > thomas@monjalon.net > > > Signed-off-by: Maxime Coquelin < > maxime.coquelin@redhat.com > > > Signed-off-by: Ferruh Yigit < > ferruh.yigit@intel.com > > > --- > doc/guides/contributing/index.rst | 1 + > doc/guides/contributing/vulnerability.rst | 316 > ++++++++++++++++++++++ > 2 files changed, 317 insertions(+) > create mode 100644 doc/guides/contributing/vulnerability.rst I think at least the fingerprint of the GPG key to encrypt to, if a link to the whole public key given the page is served over https, should be on the page. Other than that, good stuff! Acked-by: Luca Boccassi --=20 Kind regards, Luca Boccassi