Skip to content

docs: add security policy and vulnerability reporting page #553

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

docs: add security policy and vulnerability reporting page #553

wants to merge 1 commit into from
+84 −0

Conversation

padovan
Copy link
Contributor

@padovan padovan commented Oct 9, 2025

No description provided.

@padovan
Copy link
Contributor Author

padovan commented Oct 9, 2025

/staging

@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 9, 2025

Your PR has been deployed to staging. Staging URL: https://static.staging.kernelci.org/ After testing, you can merge your PR. Note: This is a temporary staging URL, if anyone else will test another PR, it will override contents.

@tom-gall
Copy link

tom-gall commented Oct 9, 2025

I wonder if pointers to Linux Kernel security resources might also be wise. I can see people getting confused reporting a kernel issue to KernelCI when that would obviously be incorrect.

patersonc
patersonc requested changes Oct 10, 2025
View reviewed changes
Copy link
Collaborator

@patersonc patersonc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the PR @padovan!

kernelci.org/content/en/org/security.md

If you discover a security vulnerability in any KernelCI project, please report it responsibly by emailing:

**[[email protected]](mailto:[email protected])**
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this temporary until a "security" email is set up? Or are we going to stick with using this address?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

personally I would prefer to have something like kernelci-security or security

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see an issue in using the sysadmin one for the time being. I expect that the use of this email for security report will be very low. Having another mailing list will add overhead to manage that as well, so I'd start small here.

@padovan
Copy link
Contributor Author

padovan commented Oct 10, 2025

/staging

@github-actions GitHub Actions
Copy link

Your PR has been deployed to staging. Staging URL: https://static.staging.kernelci.org/ After testing, you can merge your PR. Note: This is a temporary staging URL, if anyone else will test another PR, it will override contents.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aliceinwire aliceinwire aliceinwire approved these changes

@patersonc patersonc patersonc requested changes

@nuclearcat nuclearcat Awaiting requested review from nuclearcat

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@padovan @tom-gall @aliceinwire @patersonc