From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <luca.boccassi@gmail.com>
Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com
 [209.85.128.67]) by dpdk.org (Postfix) with ESMTP id 75867A3;
 Wed,  8 May 2019 00:39:00 +0200 (CEST)
Received: by mail-wm1-f67.google.com with SMTP id f2so596221wmj.3;
 Tue, 07 May 2019 15:39:00 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:message-id:subject:from:to:cc:date:in-reply-to
 :references:content-transfer-encoding:user-agent:mime-version;
 bh=UiBeFzq6YATHbUP2Sva04WEzJaU9HgrwJpUS9Ez/lIs=;
 b=MKT4xnjAmWvRDl4QoDjskRW7AXHRPogXrnICZwogwtxY/GzPdeMv2KF4thiWtSXcvm
 WGlEH5Yny2MAKTeYWVqcfzRELNNhUgDFIJ02FVIIsKvnzz01qwdxuTNDP8dAdIjZAzQb
 8/1QBT8fsWPtrFl8iIngmMSi49k+FjeOpF8f0dDFLOLVPaWIHXO6WpxNNN0xASBlYk1P
 i7a3Fu+ccFqOkEDoPP5BIQPWgTmMaOwhAfL/jU0ZoCR8QICkph7pd/PWjAyZFyFTVEnw
 yg2UJNAYfjXHRlB85TE18QODwSjSoCP5a01LtxfTYSQsNcvvRN3JNSg52JHYvwgIzLY7
 G5AA==
X-Gm-Message-State: APjAAAVIHTCTzKigEFKY6c7PxBTjBJHjP6szYfjmzj8SW8+L3vAOYDty
 nDiLNFgcSeuRAvFiyX7fV14=
X-Google-Smtp-Source: APXvYqxJntzBXjTEw+0gVqIS2myhSeZB3YCUwjE5+LSI2jGr4oakRRv1Iv/2wWefxPOUZ5Exv/emgw==
X-Received: by 2002:a05:600c:24ca:: with SMTP id
 10mr519716wmu.45.1557268739926; 
 Tue, 07 May 2019 15:38:59 -0700 (PDT)
Received: from localhost ([88.98.246.218])
 by smtp.gmail.com with ESMTPSA id g10sm13172256wrq.2.2019.05.07.15.38.58
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 07 May 2019 15:38:58 -0700 (PDT)
Message-ID: <03d2500c1c55d1cd9c87eaf3f15ab1c9125251b3.camel@debian.org>
From: Luca Boccassi <bluca@debian.org>
To: Thomas Monjalon <thomas@monjalon.net>, dev@dpdk.org
Cc: techboard@dpdk.org, Maxime Coquelin <maxime.coquelin@redhat.com>, Ferruh
 Yigit <ferruh.yigit@intel.com>
Date: Tue, 07 May 2019 23:38:57 +0100
In-Reply-To: <20190507160231.18551-1-thomas@monjalon.net>
References: <20190507160231.18551-1-thomas@monjalon.net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.30.5-1 
MIME-Version: 1.0
Subject: Re: [dpdk-dev] [PATCH] doc: prepare security process for
 vulnerabilities
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Tue, 07 May 2019 22:39:00 -0000

On Tue, 2019-05-07 at 18:02 +0200, Thomas Monjalon wrote:
> In case a vulnerability is discovered, the process to follow
> is described in this document.
> It has been inspired by the process of some referenced projects
> and with the help of experts from Intel, RedHat, Mellanox
> and the Linux Foundation.
>=20
> Signed-off-by: Thomas Monjalon <
> thomas@monjalon.net
> >
> Signed-off-by: Maxime Coquelin <
> maxime.coquelin@redhat.com
> >
> Signed-off-by: Ferruh Yigit <
> ferruh.yigit@intel.com
> >
> ---
>  doc/guides/contributing/index.rst         |   1 +
>  doc/guides/contributing/vulnerability.rst | 316
> ++++++++++++++++++++++
>  2 files changed, 317 insertions(+)
>  create mode 100644 doc/guides/contributing/vulnerability.rst

I think at least the fingerprint of the GPG key to encrypt to, if a
link to the whole public key given the page is served over https,
should be on the  page.

Other than that, good stuff!

Acked-by: Luca Boccassi <bluca@debian.org>

--=20
Kind regards,
Luca Boccassi

From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by dpdk.space (Postfix) with ESMTP id 884E7A0096
	for <public@inbox.dpdk.org>; Wed,  8 May 2019 00:39:02 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 5AA002082;
	Wed,  8 May 2019 00:39:01 +0200 (CEST)
Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com
 [209.85.128.67]) by dpdk.org (Postfix) with ESMTP id 75867A3;
 Wed,  8 May 2019 00:39:00 +0200 (CEST)
Received: by mail-wm1-f67.google.com with SMTP id f2so596221wmj.3;
 Tue, 07 May 2019 15:39:00 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:message-id:subject:from:to:cc:date:in-reply-to
 :references:content-transfer-encoding:user-agent:mime-version;
 bh=UiBeFzq6YATHbUP2Sva04WEzJaU9HgrwJpUS9Ez/lIs=;
 b=MKT4xnjAmWvRDl4QoDjskRW7AXHRPogXrnICZwogwtxY/GzPdeMv2KF4thiWtSXcvm
 WGlEH5Yny2MAKTeYWVqcfzRELNNhUgDFIJ02FVIIsKvnzz01qwdxuTNDP8dAdIjZAzQb
 8/1QBT8fsWPtrFl8iIngmMSi49k+FjeOpF8f0dDFLOLVPaWIHXO6WpxNNN0xASBlYk1P
 i7a3Fu+ccFqOkEDoPP5BIQPWgTmMaOwhAfL/jU0ZoCR8QICkph7pd/PWjAyZFyFTVEnw
 yg2UJNAYfjXHRlB85TE18QODwSjSoCP5a01LtxfTYSQsNcvvRN3JNSg52JHYvwgIzLY7
 G5AA==
X-Gm-Message-State: APjAAAVIHTCTzKigEFKY6c7PxBTjBJHjP6szYfjmzj8SW8+L3vAOYDty
 nDiLNFgcSeuRAvFiyX7fV14=
X-Google-Smtp-Source: APXvYqxJntzBXjTEw+0gVqIS2myhSeZB3YCUwjE5+LSI2jGr4oakRRv1Iv/2wWefxPOUZ5Exv/emgw==
X-Received: by 2002:a05:600c:24ca:: with SMTP id
 10mr519716wmu.45.1557268739926; 
 Tue, 07 May 2019 15:38:59 -0700 (PDT)
Received: from localhost ([88.98.246.218])
 by smtp.gmail.com with ESMTPSA id g10sm13172256wrq.2.2019.05.07.15.38.58
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 07 May 2019 15:38:58 -0700 (PDT)
Message-ID: <03d2500c1c55d1cd9c87eaf3f15ab1c9125251b3.camel@debian.org>
From: Luca Boccassi <bluca@debian.org>
To: Thomas Monjalon <thomas@monjalon.net>, dev@dpdk.org
Cc: techboard@dpdk.org, Maxime Coquelin <maxime.coquelin@redhat.com>, Ferruh
 Yigit <ferruh.yigit@intel.com>
Date: Tue, 07 May 2019 23:38:57 +0100
In-Reply-To: <20190507160231.18551-1-thomas@monjalon.net>
References: <20190507160231.18551-1-thomas@monjalon.net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.30.5-1 
MIME-Version: 1.0
Subject: Re: [dpdk-dev] [PATCH] doc: prepare security process for
 vulnerabilities
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>
Message-ID: <20190507223857.mHnnO9IE9J5_ImWLmHbZ115BlUfo0Rimk-bbIO0v-3k@z>

On Tue, 2019-05-07 at 18:02 +0200, Thomas Monjalon wrote:
> In case a vulnerability is discovered, the process to follow
> is described in this document.
> It has been inspired by the process of some referenced projects
> and with the help of experts from Intel, RedHat, Mellanox
> and the Linux Foundation.
>=20
> Signed-off-by: Thomas Monjalon <
> thomas@monjalon.net
> >
> Signed-off-by: Maxime Coquelin <
> maxime.coquelin@redhat.com
> >
> Signed-off-by: Ferruh Yigit <
> ferruh.yigit@intel.com
> >
> ---
>  doc/guides/contributing/index.rst         |   1 +
>  doc/guides/contributing/vulnerability.rst | 316
> ++++++++++++++++++++++
>  2 files changed, 317 insertions(+)
>  create mode 100644 doc/guides/contributing/vulnerability.rst

I think at least the fingerprint of the GPG key to encrypt to, if a
link to the whole public key given the page is served over https,
should be on the  page.

Other than that, good stuff!

Acked-by: Luca Boccassi <bluca@debian.org>

--=20
Kind regards,
Luca Boccassi