forked from Minki/linux
ddaedbbece
To address the requirements of embargoed hardware issues, like Meltdown, Spectre, L1TF etc. it is necessary to define and document a process for handling embargoed hardware security issues. Following the discussion at the maintainer summit 2018 in Edinburgh (https://lwn.net/Articles/769417/) the volunteered people have worked out a process and a Memorandum of Understanding. The latter addresses the fact that the Linux kernel community cannot sign NDAs for various reasons. The initial contact point for hardware security issues is different from the regular kernel security contact to provide a known and neutral interface for hardware vendors and researchers. The initial primary contact team is proposed to be staffed by Linux Foundation Fellows, who are not associated to a vendor or a distribution and are well connected in the industry as a whole. The process is designed with the experience of the past incidents in mind and tries to address the remaining gaps, so future (hopefully rare) incidents can be handled more efficiently. It won't remove the fact, that most of this has to be done behind closed doors, but it is set up to avoid big bureaucratic hurdles for individual developers. The process is solely for handling hardware security issues and cannot be used for regular kernel (software only) security bugs. This memo can help with hardware companies who, and I quote, "[my manager] doesn't want to bet his job on the list keeping things secret." This despite numerous leaks directly from that company over the years, and none ever so far from the kernel security team. Cognitive dissidence seems to be a requirement to be a good manager. To accelerate the adoption of this process, we introduce the concept of ambassadors in participating companies. The ambassadors are there to guide people to comply with the process, but are not automatically involved in the disclosure of a particular incident. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com> Acked-by: Laura Abbott <labbott@redhat.com> Acked-by: Ben Hutchings <ben@decadent.org.uk> Reviewed-by: Tyler Hicks <tyhicks@canonical.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Reviewed-by: Jiri Kosina <jkosina@suse.cz> Link: https://lore.kernel.org/r/20190815212505.GC12041@kroah.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
68 lines
1.4 KiB
ReStructuredText
68 lines
1.4 KiB
ReStructuredText
.. raw:: latex
|
|
|
|
\renewcommand\thesection*
|
|
\renewcommand\thesubsection*
|
|
|
|
.. _process_index:
|
|
|
|
Working with the kernel development community
|
|
=============================================
|
|
|
|
So you want to be a Linux kernel developer? Welcome! While there is a lot
|
|
to be learned about the kernel in a technical sense, it is also important
|
|
to learn about how our community works. Reading these documents will make
|
|
it much easier for you to get your changes merged with a minimum of
|
|
trouble.
|
|
|
|
Below are the essential guides that every developer should read.
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
license-rules
|
|
howto
|
|
code-of-conduct
|
|
code-of-conduct-interpretation
|
|
development-process
|
|
submitting-patches
|
|
programming-language
|
|
coding-style
|
|
maintainer-pgp-guide
|
|
email-clients
|
|
kernel-enforcement-statement
|
|
kernel-driver-statement
|
|
|
|
Other guides to the community that are of interest to most developers are:
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
changes
|
|
submitting-drivers
|
|
stable-api-nonsense
|
|
management-style
|
|
stable-kernel-rules
|
|
submit-checklist
|
|
kernel-docs
|
|
deprecated
|
|
embargoed-hardware-issues
|
|
|
|
These are some overall technical guides that have been put here for now for
|
|
lack of a better place.
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
applying-patches
|
|
adding-syscalls
|
|
magic-number
|
|
volatile-considered-harmful
|
|
clang-format
|
|
|
|
.. only:: subproject and html
|
|
|
|
Indices
|
|
=======
|
|
|
|
* :ref:`genindex`
|