* [committed 0/2] SECURITY.txt: Trivial fixups
@ 2023-10-05 16:05 Siddhesh Poyarekar
2023-10-05 16:05 ` [committed 1/2] secpol: add grammatically missing commas / remove one excess instance Siddhesh Poyarekar
2023-10-05 16:05 ` [committed 2/2] secpol: consistent indentation Siddhesh Poyarekar
0 siblings, 2 replies; 3+ messages in thread
From: Siddhesh Poyarekar @ 2023-10-05 16:05 UTC (permalink / raw)
To: gcc-patches
Committed some trivial comma and indentation fixups that Jan shared with
me off-list.
Jan Engelhardt (2):
secpol: add grammatically missing commas / remove one excess instance
secpol: consistent indentation
SECURITY.txt | 48 ++++++++++++++++++++++++------------------------
1 file changed, 24 insertions(+), 24 deletions(-)
--
2.41.0
^ permalink raw reply [flat|nested] 3+ messages in thread
* [committed 1/2] secpol: add grammatically missing commas / remove one excess instance
2023-10-05 16:05 [committed 0/2] SECURITY.txt: Trivial fixups Siddhesh Poyarekar
@ 2023-10-05 16:05 ` Siddhesh Poyarekar
2023-10-05 16:05 ` [committed 2/2] secpol: consistent indentation Siddhesh Poyarekar
1 sibling, 0 replies; 3+ messages in thread
From: Siddhesh Poyarekar @ 2023-10-05 16:05 UTC (permalink / raw)
To: gcc-patches; +Cc: Jan Engelhardt
From: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
ChangeLog:
* SECURITY.txt: Fix up commas.
---
SECURITY.txt | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/SECURITY.txt b/SECURITY.txt
index b65f24cfc2a..93792923583 100644
--- a/SECURITY.txt
+++ b/SECURITY.txt
@@ -3,12 +3,12 @@ What is a GCC security bug?
A security bug is one that threatens the security of a system or
network, or might compromise the security of data stored on it.
- In the context of GCC there are multiple ways in which this might
+ In the context of GCC, there are multiple ways in which this might
happen and some common scenarios are detailed below.
If you're reporting a security issue and feel like it does not fit
into any of the descriptions below, you're encouraged to reach out
- through the GCC bugzilla or if needed, privately, by following the
+ through the GCC bugzilla or, if needed, privately, by following the
instructions in the last two sections of this document.
Compiler drivers, programs, libgccjit and support libraries
@@ -24,11 +24,11 @@ Compiler drivers, programs, libgccjit and support libraries
The libgccjit library can, despite the name, be used both for
ahead-of-time compilation and for just-in-compilation. In both
- cases it can be used to translate input representations (such as
- source code) in the application context; in the latter case the
+ cases, it can be used to translate input representations (such as
+ source code) in the application context; in the latter case, the
generated code is also run in the application context.
- Limitations that apply to the compiler driver, apply here too in
+ Limitations that apply to the compiler driver apply here too in
terms of trusting inputs and it is recommended that both the
compilation *and* execution context of the code are appropriately
sandboxed to contain the effects of any bugs in libgccjit, the
@@ -43,7 +43,7 @@ Compiler drivers, programs, libgccjit and support libraries
Libraries such as zlib that are bundled with GCC to build it will be
treated the same as the compiler drivers and programs as far as
- security coverage is concerned. However if you find an issue in
+ security coverage is concerned. However, if you find an issue in
these libraries independent of their use in GCC, you should reach
out to their upstream projects to report them.
@@ -97,7 +97,7 @@ Language runtime libraries
* libssp
* libstdc++
- These libraries are intended to be used in arbitrary contexts and as
+ These libraries are intended to be used in arbitrary contexts and, as
a result, bugs in these libraries may be evaluated for security
impact. However, some of these libraries, e.g. libgo, libphobos,
etc. are not maintained in the GCC project, due to which the GCC
@@ -145,7 +145,7 @@ GCC plugins
It should be noted that GCC may execute arbitrary code loaded by a
user through the GCC plugin mechanism or through system preloading
- mechanism. Such custom code should be vetted by the user for safety
+ mechanism. Such custom code should be vetted by the user for safety,
as bugs exposed through such code will not be considered security
issues.
--
2.41.0
^ permalink raw reply [flat|nested] 3+ messages in thread
* [committed 2/2] secpol: consistent indentation
2023-10-05 16:05 [committed 0/2] SECURITY.txt: Trivial fixups Siddhesh Poyarekar
2023-10-05 16:05 ` [committed 1/2] secpol: add grammatically missing commas / remove one excess instance Siddhesh Poyarekar
@ 2023-10-05 16:05 ` Siddhesh Poyarekar
1 sibling, 0 replies; 3+ messages in thread
From: Siddhesh Poyarekar @ 2023-10-05 16:05 UTC (permalink / raw)
To: gcc-patches; +Cc: Jan Engelhardt
From: Jan Engelhardt <jengelh@inai.de>
86% of the document have 4 spaces; adjust the remaining 14%.
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
ChangeLog:
* SECURITY.txt: Fix up indentation.
---
SECURITY.txt | 32 ++++++++++++++++----------------
1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/SECURITY.txt b/SECURITY.txt
index 93792923583..b3e2bbfda90 100644
--- a/SECURITY.txt
+++ b/SECURITY.txt
@@ -173,33 +173,33 @@ Security features implemented in GCC
Reporting private security bugs
===============================
- *All bugs reported in the GCC Bugzilla are public.*
+ *All bugs reported in the GCC Bugzilla are public.*
- In order to report a private security bug that is not immediately
- public, please contact one of the downstream distributions with
- security teams. The following teams have volunteered to handle
- such bugs:
+ In order to report a private security bug that is not immediately
+ public, please contact one of the downstream distributions with
+ security teams. The following teams have volunteered to handle
+ such bugs:
Debian: security@debian.org
Red Hat: secalert@redhat.com
SUSE: security@suse.de
AdaCore: product-security@adacore.com
- Please report the bug to just one of these teams. It will be shared
- with other teams as necessary.
+ Please report the bug to just one of these teams. It will be shared
+ with other teams as necessary.
- The team contacted will take care of details such as vulnerability
- rating and CVE assignment (http://cve.mitre.org/about/). It is likely
- that the team will ask to file a public bug because the issue is
- sufficiently minor and does not warrant an embargo. An embargo is not
- a requirement for being credited with the discovery of a security
- vulnerability.
+ The team contacted will take care of details such as vulnerability
+ rating and CVE assignment (http://cve.mitre.org/about/). It is likely
+ that the team will ask to file a public bug because the issue is
+ sufficiently minor and does not warrant an embargo. An embargo is not
+ a requirement for being credited with the discovery of a security
+ vulnerability.
Reporting public security bugs
==============================
- It is expected that critical security bugs will be rare, and that most
- security bugs can be reported in GCC, thus making
- them public immediately. The system can be found here:
+ It is expected that critical security bugs will be rare, and that most
+ security bugs can be reported in GCC, thus making
+ them public immediately. The system can be found here:
https://gcc.gnu.org/bugzilla/
--
2.41.0
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-10-05 16:05 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-10-05 16:05 [committed 0/2] SECURITY.txt: Trivial fixups Siddhesh Poyarekar
2023-10-05 16:05 ` [committed 1/2] secpol: add grammatically missing commas / remove one excess instance Siddhesh Poyarekar
2023-10-05 16:05 ` [committed 2/2] secpol: consistent indentation Siddhesh Poyarekar
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).