From patchwork Thu Mar 10 17:59:47 2022
X-Patchwork-Submitter: Luca Boccassi
X-Patchwork-Id: 108662
X-Patchwork-Delegate: david.marchand@redhat.com
From: luca.boccassi@gmail.com
To: dev@dpdk.org
Cc: thomas@monjalon.net, maxime.coquelin@redhat.com, david.marchand@redhat.com, ktraynor@redhat.com, Luca Boccassi
Subject: [PATCH] doc: relax requirement on commit messages of security fixes
Date: Thu, 10 Mar 2022 17:59:47 +0000
Message-Id: <20220310175947.273850-1-luca.boccassi@gmail.com>
List-Id: DPDK patches and discussions

From: Luca Boccassi

Allow more flexibility with embargo lifting by not requiring mentions of CVEs in commit messages if the lift date allows it.

Signed-off-by: Luca Boccassi
Reviewed-by: Maxime Coquelin
Acked-by: Stephen Hemminger
---
 doc/guides/contributing/vulnerability.rst | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/doc/guides/contributing/vulnerability.rst b/doc/guides/contributing/vulnerability.rst index b6300252ad..fc60e02e37 100644 --- a/doc/guides/contributing/vulnerability.rst +++ b/doc/guides/contributing/vulnerability.rst
@@ -170,7 +170,10 @@ The patches fixing the vulnerability are developed and reviewed by the security team and by elected area experts that agree to maintain confidentiality. -The CVE id and the bug id must be referenced in the patch. +The CVE id and the bug id must be referenced in the patch if there is no +embargo, or if there is an embargo, but it will be lifted when the release +including the patch is published. If the embargo is going to be lifted after the +release, then the CVE and bug ids must be omitted from the commit message. Backports to the identified affected versions are done once the fix is ready.
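
Review bot: the added paragraph says the ids must be "referenced in the patch" in its first sentence but "omitted from the commit message" in its last, so it is unclear whether the rule applies to the commit log only or to the whole patch; use the same term in both sentences. The cases listed (no embargo, embargo lifted when the release including the patch is published, embargo lifted after the release) also leave out an embargo that is lifted before the release, and the text does not say where the CVE and bug ids are recorded once an embargo that outlasts the release is lifted. Suggest adding one sentence for the missing case and one naming where the fix is linked to its CVE afterwards.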