From patchwork Mon Jun 17 16:06:47 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ferruh Yigit X-Patchwork-Id: 54878 X-Patchwork-Delegate: thomas@monjalon.net Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 9CA7B1BF37; Mon, 17 Jun 2019 18:06:54 +0200 (CEST) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id 35A811BBF4 for ; Mon, 17 Jun 2019 18:06:53 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Jun 2019 09:06:52 -0700 X-ExtLoop1: 1 Received: from silpixa00399752.ir.intel.com (HELO silpixa00399752.ger.corp.intel.com) ([10.237.223.78]) by orsmga005.jf.intel.com with ESMTP; 17 Jun 2019 09:06:50 -0700 From: Ferruh Yigit To: John McNamara , Marko Kovacevic Cc: dev@dpdk.org, Thomas Monjalon , Maxime Coquelin Date: Mon, 17 Jun 2019 17:06:47 +0100 Message-Id: <20190617160648.8506-1-ferruh.yigit@intel.com> X-Mailer: git-send-email 2.21.0 MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH 1/2] doc/security: clarify pre-release end of the embargo date X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Clarify that a fixed date will be used for end of embargo (public disclosure) date while communicating with downstream stakeholders. Initial document got a review that it gives an impression that communicated embargo date can be a range like 'less than a week' which is not the case. The range applies when defining the end of the embargo date but a fix date will be communicated. Signed-off-by: Ferruh Yigit Acked-by: John McNamara --- doc/guides/contributing/vulnerability.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/guides/contributing/vulnerability.rst b/doc/guides/contributing/vulnerability.rst index a4bef4857..0d8432d56 100644 --- a/doc/guides/contributing/vulnerability.rst +++ b/doc/guides/contributing/vulnerability.rst @@ -182,7 +182,7 @@ When the fix is ready, the security advisory and patches are sent to downstream stakeholders (`security-prerelease@dpdk.org `_), specifying the date and time of the end of the embargo. -The public disclosure should happen in **less than one week**. +The communicated public disclosure date should be **less than one week** Downstream stakeholders are expected not to deploy or disclose patches until the embargo is passed, otherwise they will be removed from the list. From patchwork Mon Jun 17 16:06:48 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ferruh Yigit X-Patchwork-Id: 54879 X-Patchwork-Delegate: thomas@monjalon.net Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 17B951BF95; Mon, 17 Jun 2019 18:06:57 +0200 (CEST) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id BEB7A1BF68 for ; Mon, 17 Jun 2019 18:06:54 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Jun 2019 09:06:54 -0700 X-ExtLoop1: 1 Received: from silpixa00399752.ir.intel.com (HELO silpixa00399752.ger.corp.intel.com) ([10.237.223.78]) by orsmga005.jf.intel.com with ESMTP; 17 Jun 2019 09:06:52 -0700 From: Ferruh Yigit To: John McNamara , Marko Kovacevic Cc: dev@dpdk.org, Thomas Monjalon , Maxime Coquelin Date: Mon, 17 Jun 2019 17:06:48 +0100 Message-Id: <20190617160648.8506-2-ferruh.yigit@intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190617160648.8506-1-ferruh.yigit@intel.com> References: <20190617160648.8506-1-ferruh.yigit@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH 2/2] doc/security: clarify experimental API status X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Explicitly note that experimental APIs also part of security process. Signed-off-by: Ferruh Yigit Acked-by: John McNamara --- doc/guides/contributing/vulnerability.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/guides/contributing/vulnerability.rst b/doc/guides/contributing/vulnerability.rst index 0d8432d56..a69da0d36 100644 --- a/doc/guides/contributing/vulnerability.rst +++ b/doc/guides/contributing/vulnerability.rst @@ -8,7 +8,7 @@ Scope ----- Only the main repositories (dpdk and dpdk-stable) of the core project -are in the scope of this security process. +are in the scope of this security process (including experimental APIs). If a stable branch is declared unmaintained (end of life), no fix will be applied.