[DOCS] include a tarball of docs, add a security faq (#5119)

* [DOCS] include a tarball of docs during deployment

* [DOCS] Add a short security faq

diff --git a/Jenkinsfile b/Jenkinsfile
index 8ef5f58..b031af5 100644 (file)
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -350,6 +350,7 @@ stage('Deploy') {
       ws(per_exec_ws("tvm/deploy-docs")) {
         if (env.BRANCH_NAME == "master") {
            unpack_lib('mydocs', 'docs.tgz')
+           sh "cp docs.tgz -C /var/docs/docs.tgz"
            sh "tar xf docs.tgz -C /var/docs"
         }
       }

diff --git a/docs/dev/index.rst b/docs/dev/index.rst
index 77e72ba..be29a1f 100644 (file)
--- a/docs/dev/index.rst
+++ b/docs/dev/index.rst
@@ -39,3 +39,4 @@ In this part of documentation, we share the rationale for the specific choices m
    inferbound
    benchmark
    introduction_to_module_serialization
+   security

diff --git a/docs/dev/security.rst b/docs/dev/security.rst
new file mode 100644 (file)
index 0000000..6d20e5d
--- /dev/null
+++ b/docs/dev/security.rst
@@ -0,0 +1,43 @@
+..  Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+..    http://www.apache.org/licenses/LICENSE-2.0
+
+..  Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+.. _dev-security:
+
+Security
+========
+
+Reporting Security Issues
+-------------------------
+
+The Apache Software Foundation takes a very active stance in eliminating security problems and denial of service attacks against its products.
+We strongly encourage folks to report such problems to our private security mailing list first, before disclosing them in a public forum.
+
+Please note that the security mailing list should only be used for reporting undisclosed security vulnerabilities and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other queries at this address. All mail sent to this address that does not relate to an undisclosed security problem in our source code will be ignored.
+Questions about: if a vulnerability applies to your particular application obtaining further information on a published vulnerability availability of patches
+and/or new releases should be addressed to to the user discuss forum.
+
+The private security mailing address is: `security@apache.org <security@apache.org>`_.
+Feel free to consult the `Apache Security guide <https://www.apache.org/security/>`_.
+
+
+Considerations
+--------------
+The default binary generated by TVM only relies on a minimum runtime API.
+The runtime depends on a limited set of system calls(e.g. malloc) in the system library.
+
+AutoTVM data exchange between the tracker, server and client are in plain-text.
+It is recommended to use them under trusted networking environment or encrypted channels.

diff --git a/docs/faq.rst b/docs/faq.rst
index 32714b0..4104c82 100644 (file)
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -62,3 +62,8 @@ TVM can incorporate these libraries as external calls. One goal of TVM is to be
 generate high-performing kernels. We will evolve TVM an incremental manner as
 we learn from the techniques of manual kernel crafting and add these as primitives in DSL.
 See also top for recipes of operators in TVM.
+
+
+Security
+--------
+See :ref:`dev-security`