diff mbox series

[iproute2] Add a security policy

Message ID 20230929230629.66868-1-stephen@networkplumber.org (mailing list archive)
State Accepted
Commit 015d8e7fb877550e859fda28986816fca1777dd8
Delegated to: David Ahern
Headers show
Series [iproute2] Add a security policy | expand

Checks

Context Check Description
netdev/tree_selection success Not a local patch

Commit Message

Stephen Hemminger Sept. 29, 2023, 11:06 p.m. UTC
Iproute2 security policy is minimal since the security
domain is controlled by the kernel. But it should be documented
before some new security related bug arises at some future time.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
 SECURITY.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 SECURITY.md

Comments

patchwork-bot+netdevbpf@kernel.org Oct. 2, 2023, 9:40 p.m. UTC | #1
Hello:

This patch was applied to iproute2/iproute2.git (main)
by Stephen Hemminger <stephen@networkplumber.org>:

On Fri, 29 Sep 2023 16:06:29 -0700 you wrote:
> Iproute2 security policy is minimal since the security
> domain is controlled by the kernel. But it should be documented
> before some new security related bug arises at some future time.
> 
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> ---
>  SECURITY.md | 21 +++++++++++++++++++++
>  1 file changed, 21 insertions(+)
>  create mode 100644 SECURITY.md

Here is the summary with links:
  - [iproute2] Add a security policy
    https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=015d8e7fb877

You are awesome, thank you!
diff mbox series

Patch

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000000..d5a7775fc147
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@ 
+# Security Policy
+
+## Reporting a vulnerability
+
+The iproute2 suite of utilities is tightly coupled with the Linux
+kernel networking. Therefore the bug reporting process mirrors
+the Linux kernel. Most security problems reported related to
+iproute2 are really Linux kernel issues (a.k.a Shoot the messenger)
+and are best handled via
+[Linux Security Bugs](https://docs.kernel.org/process/security-bugs.html).
+
+For other issues please report bugs to netdev@vger.kernel.org
+and include an example script.
+
+## Supported Versions
+
+There are no official "Long Term Support" versions for iproute2.
+The iproute2 version matches the Linux kernel versions.
+There will be occasional maintenance releases for serious
+issues if found. Users who need support are encouraged
+to use the version of iproute2 found in major distributions.