From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from bumble.birch.relay.mailchannels.net (bumble.birch.relay.mailchannels.net [23.83.209.25]) by sourceware.org (Postfix) with ESMTPS id A10553858D20 for ; Wed, 5 Apr 2023 19:24:46 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org A10553858D20 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=gotplt.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gotplt.org X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 02E2F760A55; Wed, 5 Apr 2023 19:24:45 +0000 (UTC) Received: from pdx1-sub0-mail-a305.dreamhost.com (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 752EA761359; Wed, 5 Apr 2023 19:24:44 +0000 (UTC) ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1680722684; a=rsa-sha256; cv=none; b=Z3k0PZ2/VFuEs3dXIiypPU4s5aX1vH+dqIR2YCAP/Ssl2PqxGrve5UJmVDGszKtAzYWEkh truvauB2ZQEV7Q7vNS4qvxr5WERpcLNjm6mvk4SJeUAJw1xxSZ4TeCkC//ZR7pKDSuCsCW zOvF/vkgov2aWbNagEtTQtP01o1kG2P5fgtxMXxsOWYNeGbkZdY9t6uOPKC+GTpUGaXae5 nhh4s2WrpwEx/a+OUW5j0W3tjanBM+71BEo80Y6im/bQKM0dHV24veKmnCArXChNNvfl2i O00NKw80b1nkmC77tsFjFi7KJ4UOP1n8znUc8CdnJBVbvQGSgmRfjoqE4sfVYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1680722684; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=8Aqzp/aKcSZIvsoSHtAsoY8GrPCd5vNsTziwO4mmshc=; b=2ZBMXEFR85Vd/ZzCoPrCyrwBaq+Hw4iJ++zZznnL3sC0UFLzq3iVYMHEdkhGq4Cpi3+Y6t uTsTY6pLisApsYgyMwfki3gJDs+pY23OHzA5z7PJDQq/cy1Nu7QKEqEbZQUpBr/OBz1nY8 ShCoOb7z7P+fm+/BfpAlwAdY06SOIiv3xXcDh99JMo0aszMs7A71wm4dtDIOgf6EazGLc3 Z1cDmRQYf5Ig3tj0uv4CO445Y53Gs7vb3hZOi2f8E2zUNn/DBfj8/L/dCr1jt1xCiapjhD 8moP38wtynCD0xGU5xOJs5DXOhPhgzKPHEDkhz8KE1qGqy6Q9Qr4a0Dz4pVIbA== ARC-Authentication-Results: i=1; rspamd-786cb55f77-9v5hg; auth=pass smtp.auth=dreamhost smtp.mailfrom=siddhesh@gotplt.org X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org X-MailChannels-Auth-Id: dreamhost X-Befitting-Whimsical: 6b0c7fff73d51600_1680722684786_2608809561 X-MC-Loop-Signature: 1680722684786:3934702476 X-MC-Ingress-Time: 1680722684786 Received: from pdx1-sub0-mail-a305.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.109.138.21 (trex/6.7.2); Wed, 05 Apr 2023 19:24:44 +0000 Received: from [192.168.2.12] (bras-vprn-toroon4834w-lp130-09-174-91-45-153.dsl.bell.ca [174.91.45.153]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: siddhesh@gotplt.org) by pdx1-sub0-mail-a305.dreamhost.com (Postfix) with ESMTPSA id 4PsF236ymxzJp; Wed, 5 Apr 2023 12:24:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gotplt.org; s=dreamhost; t=1680722684; bh=8Aqzp/aKcSZIvsoSHtAsoY8GrPCd5vNsTziwO4mmshc=; h=Date:Subject:From:To:Cc:Content-Type:Content-Transfer-Encoding; b=OCG8+3jP2X6+6VPUiQuvZDxUBRCYZHDiJuSXMVDVbISaBADShJBkDpU9Qc93ePb0A 4YZODUh/cgQcWx1Y5oPCR2YFAms7Y6IV6E3sH/CLOUdMkbI75K4s3++r1kzhNjbeEe pBk8OqzhA5i3/fnVc6k8VRhHXQMosTMIuDDQNRDxLizOVF3+Suktv2u5xoxdahln/V pXY5HTJCPAXN6gjJe1tltfMh9Z9QjNIO95l690W3UVvrlax+DDAnrAZRgAEnpSZamt JF5gC2LnhP2BWO8nCYqcsQrbu8lkqf2ZlQWmNtmebsV56ZxXbhnV0vbJezDkmjb2TD /fDRJ3DCmHbVA== Message-ID: <3bba36db-1422-61b4-2411-e11628087aef@gotplt.org> Date: Wed, 5 Apr 2023 15:24:43 -0400 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 Subject: Re: [PATCH] Provide a SECURITY.md for glibc. Content-Language: en-US From: Siddhesh Poyarekar To: Carlos O'Donell , Florian Weimer Cc: libc-alpha@sourceware.org References: <20230222171920.113859-1-carlos@redhat.com> <87r0ug38tj.fsf@oldenburg.str.redhat.com> <1707ded6-1f65-447e-6cef-599241524ef6@gotplt.org> In-Reply-To: <1707ded6-1f65-447e-6cef-599241524ef6@gotplt.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-3027.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MEDICAL_SUBJECT,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 2023-03-27 09:18, Siddhesh Poyarekar wrote: > On 2023-02-23 14:15, Carlos O'Donell via Libc-alpha wrote: >> Github itself can be configured with a security policy around this topic: >> https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository > > Maybe this should be noted in the git commit log for posterity. Also, I wonder if it makes sense to move all of that content off the wiki and into the SECURITY.md. Thanks, Sid