This shows you the differences between two versions of the page.
mailing-lists:distros [2024/03/31 20:26] solar [List policy and instructions for reporters] Simplification and emphasis, no policy change |
mailing-lists:distros [2024/03/31 20:33] (current) solar [List policy and instructions for reporters] add specific guidance for Linux kernel issues |
||
---|---|---|---|
Line 46: | Line 46: | ||
PLEASE NOTE THAT **BY POSTING TO THESE LISTS YOU ACCEPT CERTAIN RESPONSIBILITIES**. PLEASE **READ** THIS SECTION CAREFULLY **BEFORE YOU POST**. | PLEASE NOTE THAT **BY POSTING TO THESE LISTS YOU ACCEPT CERTAIN RESPONSIBILITIES**. PLEASE **READ** THIS SECTION CAREFULLY **BEFORE YOU POST**. | ||
- | Please consider **notifying upstream projects/developers of the affected software**, other affected [[:vendors|distro vendors]], and/or affected [[:software|Open Source projects]] **//before// notifying one of these mailing lists** in order to readily **have fixes for the distributions to apply** and to **ensure that these other parties are OK with the maximum embargo period** that would apply (if not, you may delay your notification to the mailing list). | + | Please consider **notifying upstream projects/developers of the affected software**, other affected [[:vendors|distro vendors]], and/or affected [[:software|Open Source projects]] **//before// notifying one of these mailing lists** in order to readily **have fixes for the distributions to apply** and to **ensure that these other parties are OK with the maximum embargo period** that would apply (if not, you may delay your notification to the mailing list). For **Linux kernel** issues, you must [[https://docs.kernel.org/process/security-bugs.html|notify the kernel security team]] first, wait for the fix, and only then notify linux-distros or oss-security (depending on whether the information is still private or already public, as well as on issue severity). |
**The //maximum// acceptable embargo period for issues disclosed to these lists is 14 days**. Please do not ask for a longer embargo. In fact, **embargo periods shorter than 7 days are preferable**. Reasonable //minimum// is 1 day, but in extreme special cases even a few hours of advance notice may help. | **The //maximum// acceptable embargo period for issues disclosed to these lists is 14 days**. Please do not ask for a longer embargo. In fact, **embargo periods shorter than 7 days are preferable**. Reasonable //minimum// is 1 day, but in extreme special cases even a few hours of advance notice may help. |
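Review bot: The sentence added on the "+" side of line 46 ends with "(depending on whether the information is still private or already public, as well as on issue severity)" but never says which case goes to linux-distros and which to oss-security, so a reporter still has to guess. Suggest stating the mapping explicitly for each case, including how severity changes the choice. The sentence also says "you must" inside a paragraph that opens with "Please consider", so the mandatory kernel step is easy to read as optional. It would be clearer as its own paragraph or list item. Finally, "wait for the fix" has no stated relation to the 14-day maximum embargo in the next paragraph. One clause saying the embargo clock starts only when the list is notified, if that is the intent, would remove the ambiguity.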