The submitting patches mentions criteria for a fix to be called
"security fix". Add a link to document explaining the entire process
of handling security bugs.
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Felipe Balbi <balbi@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20200827105319.9734-1-krzk@kernel.org
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
If you have a patch that fixes an exploitable security bug, send that patch
to security@kernel.org. For severe bugs, a short embargo may be considered
to allow distributors to get the patch out to users; in such cases,
-obviously, the patch should not be sent to any public lists.
+obviously, the patch should not be sent to any public lists. See also
+:ref:`Documentation/admin-guide/security-bugs.rst <security-bugs>`.
Patches that fix a severe bug in a released kernel should be directed
toward the stable maintainers by putting a line like this::