This is an archive of the discontinued LLVM Phabricator instance.

[Nomination] Adding an Nvidia representative to security group

Authored by nikhgupt on Jul 27 2021, 12:24 PM.




I am Nikhil Gupta, and I am the security lead for the NVIDIA compiler org. At Nvidia, we employ the LLVM project in various parts of our compiler stack. Security is a pressing concern for us (as I’m sure it is for others) and we are therefore interested in being part of the LLVM-Security committee. I would like to nominate myself to be a participating member in the committee.

According to the information on the website,, I fall under the following category: Vendor contacts

We are particularly interested in the following:

  1. Being aware of any security vulnerability that has been found in the compiler in a timely manner.
  2. Correctly reporting any vulnerabilities or other security issues we have found in the compiler stack.
  3. Discussing our use of static analysis / dynamic analysis / fuzzing / threat modelling with the committee and raising any concerns that have risen from said activities.

Looking forward to participating in further discussions and security sync ups with the rest of the committee


Diff Detail

Event Timeline

nikhgupt requested review of this revision.Jul 27 2021, 12:24 PM
nikhgupt created this revision.
pietroalbini edited reviewers, added: steveklabnik; removed: jfb, psmith, ributzka.Jul 27 2021, 3:26 PM

Synchronized the reviewers list with the one in D106917.

Thanks for adding the necessary reviewers @pietroalbini. Please let me know if there's anything required of me to better inform reviewers taking this call.

Personally I've no objections to Nikhil joining as a Vendor contact, unless there are any objections I'd be happy to add my approval. I think you'll need to rebase this on top of D107234.


Now D107234 has landed it would be good to update with a Phabricator name. If you haven't got one, D107234 has instructions on how to do that.

nikhgupt updated this revision to Diff 363481.Aug 2 2021, 8:06 AM

Updated information to match with format mentioned in D106917.

nikhgupt added inline comments.Aug 2 2021, 8:11 AM

Thanks Peter. I've added the tag info now. I am a little rusty with Phabricator so I hope I have rebased this correctly.

mattdr accepted this revision.Aug 2 2021, 9:34 AM
This revision is now accepted and ready to land.Aug 2 2021, 9:34 AM
peter.smith accepted this revision.Aug 3 2021, 1:33 AM

LGTM, thanks for updating the description.

How many more approvals are needed for this to be final? According to D99232, it looks like eight?

kristof.beyls accepted this revision.Aug 9 2021, 5:21 AM

How many more approvals are needed for this to be final? According to D99232, it looks like eight?

See, section "Choosing new members": "If a nomination for LLVM Security Group membership is supported by a majority of existing LLVM Security Group members, then it carries within five business days unless an existing member of the Security Group objects. If an objection is raised, the LLVM Security Group members should discuss the matter and try to come to consensus; failing this, the nomination will succeed only by a two-thirds supermajority vote of the LLVM Security Group."

With currently 16 listed members, that means 9 approvals to clearly exceed 50%?

I approve adding Nikhil Gupta.

FWIW, there are monthly public LLVM security calls, for anything related to LLVM and security that can be discussed openly. See for details.

shayne.hietblock accepted this revision.Aug 9 2021, 3:05 PM
pietroalbini accepted this revision.Aug 16 2021, 10:47 AM

Thanks @pietroalbini. I am still short of 3 votes according to @kristof.beyls's comment. Requesting others to chime in as well.

I also intend on attending the sync up meeting on 8/17 to field any questions regarding this request.

ab accepted this revision.Aug 17 2021, 10:18 AM
probinson accepted this revision.Aug 17 2021, 11:09 AM
steveklabnik accepted this revision.Aug 17 2021, 11:13 AM
dim accepted this revision.Aug 17 2021, 11:30 AM
This revision was automatically updated to reflect the committed changes.