This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Consensus: Security Hall of Fame, Security issue attributions, NEWS, and Contribution Checklist.
- From: "Carlos O'Donell" <carlos at redhat dot com>
- To: GNU C Library <libc-alpha at sourceware dot org>, Florian Weimer <fweimer at redhat dot com>, Aurelien Jarno <aurelien at aurel32 dot net>, Mike Frysinger <vapier at gentoo dot org>, Allan McRae <allan at archlinux dot org>, Siddhesh Poyarekar <sid at reserved-bit dot com>, Andreas Schwab <schwab at suse dot de>, "Dmitry V. Levin" <ldv at altlinux dot org>, Khem Raj <raj dot khem at gmail dot com>, Adam Conrad <adconrad at 0c3 dot net>
- Date: Wed, 21 Oct 2015 13:57:11 -0400
- Subject: Consensus: Security Hall of Fame, Security issue attributions, NEWS, and Contribution Checklist.
- Authentication-results: sourceware.org; auth=none
Community,
In April we adjusted MAINTAINERS->Contacting Maintainers to point
at the new security process[1][2].
I have now adjusted the Contribution Checklist to point to
the security process as the first step[3].
I have suggested that we add an attribution section to the NEWS
for each release to thank those people who report bugs via the
security process and for which those bugs are fixed in the release.
This suggestion is now in the Committers checklist[4].
Lastly I suggest that we have a "Security Hall of Fame" wiki page
where we collate the NEWS attributions at release time to allow
people to view their names.
The goal of these changes is to encourage security related issues
to go through the security process.
I am particularly interested in distribution maintainer feedback
on the process and if they would like anything changed.
Cheers,
Carlos.
[1] https://sourceware.org/glibc/wiki/Security%20Process
[2] https://sourceware.org/glibc/wiki/Security%20Exceptions
[3] https://sourceware.org/glibc/wiki/Contribution%20checklist#Security
[4] https://sourceware.org/glibc/wiki/Committer%20checklist#Update_The_NEWS_File