Documentation/security-bugs: Explain why plain text is preferred

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The security contact list gets regular reports contained in archive
attachments. This tends to add some back-and-forth delay in dealing with
security reports since we have to ask for plain text, etc.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Jiri Kosina <jkosina@suse.cz>
Acked-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Acked-by: Will Deacon <will@kernel.org>
Acked-by: Willy Tarreau <w@1wt.eu>
Link: https://lore.kernel.org/r/202007091110.205DC6A9@keescook
Signed-off-by: Jonathan Corbet <corbet@lwn.net>

authored by

Kees Cook and committed by

Jonathan Corbet 5 years ago dbf35499 0288199e

+8 -1

1 changed file

expand all

Documentation

admin-guide

security-bugs.rst

+8 -1

Documentation/admin-guide/security-bugs.rst

··· 21 21 22 22 As it is with any bug, the more information provided the easier it 23 23 will be to diagnose and fix. Please review the procedure outlined in 24 - admin-guide/reporting-bugs.rst if you are unclear about what 24 + :doc:`reporting-bugs` if you are unclear about what 25 25 information is helpful. Any exploit code is very helpful and will not 26 26 be released without consent from the reporter unless it has already been 27 27 made public. 28 + 29 + Please send plain text emails without attachments where possible. 30 + It is much harder to have a context-quoted discussion about a complex 31 + issue if all the details are hidden away in attachments. Think of it like a 32 + :doc:`regular patch submission <../process/submitting-patches>` 33 + (even if you don't have a patch yet): describe the problem and impact, list 34 + reproduction steps, and follow it with a proposed fix, all in plain text. 28 35 29 36 Disclosure and embargoed information 30 37 ------------------------------------