[[mailing-lists:distros]]
 
Trace: distros

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

mailing-lists:distros [2024/03/31 20:26]
solar [List policy and instructions for reporters] Simplification and emphasis, no policy change 		mailing-lists:distros [2025/07/02 23:18] (current)
solar [Linux distribution security contacts list] remove Chrome OS
Line 20: Line 20:
   * Amazon Linux AMI   * Amazon Linux AMI
   * Arch Linux   * Arch Linux
-  * Chrome OS+  * CentOS Project'​s Hyperscale SIG
   * CIQ Rocky Linux Security Team   * CIQ Rocky Linux Security Team
   * CloudLinux   * CloudLinux
Line 46: Line 46:
 PLEASE NOTE THAT **BY POSTING TO THESE LISTS YOU ACCEPT CERTAIN RESPONSIBILITIES**. ​ PLEASE **READ** THIS SECTION CAREFULLY **BEFORE YOU POST**. PLEASE NOTE THAT **BY POSTING TO THESE LISTS YOU ACCEPT CERTAIN RESPONSIBILITIES**. ​ PLEASE **READ** THIS SECTION CAREFULLY **BEFORE YOU POST**.
  
-Please consider **notifying upstream projects/​developers of the affected software**, other affected [[:​vendors|distro vendors]], and/or affected [[:​software|Open Source projects]] **//​before//​ notifying one of these mailing lists** in order to readily **have fixes for the distributions to apply** and to **ensure that these other parties are OK with the maximum embargo period** that would apply (if not, you may delay your notification to the mailing list).+Please consider **notifying upstream projects/​developers of the affected software**, other affected [[:​vendors|distro vendors]], and/or affected [[:​software|Open Source projects]] **//​before//​ notifying one of these mailing lists** in order to readily **have fixes for the distributions to apply** and to **ensure that these other parties are OK with the maximum embargo period** that would apply (if not, you may delay your notification to the mailing list).  For **Linux kernel** issues, you must [[https://​docs.kernel.org/​process/​security-bugs.html|notify the kernel security team]] first, wait for the fix, and only then notify linux-distros or oss-security (depending on whether the information is still private or already public, as well as on issue severity).
  
 **The //maximum// acceptable embargo period for issues disclosed to these lists is 14 days**. ​ Please do not ask for a longer embargo. ​ In fact, **embargo periods shorter than 7 days are preferable**. ​ Reasonable //minimum// is 1 day, but in extreme special cases even a few hours of advance notice may help. **The //maximum// acceptable embargo period for issues disclosed to these lists is 14 days**. ​ Please do not ask for a longer embargo. ​ In fact, **embargo periods shorter than 7 days are preferable**. ​ Reasonable //minimum// is 1 day, but in extreme special cases even a few hours of advance notice may help.
mailing-lists/distros.1711909564.txt · Last modified: 2024/03/31 20:26 by solar
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported
Recent changes RSS feed Donate to DokuWiki Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki Powered by OpenVZ Powered by Openwall GNU/*/Linux