Please use GitHub pull requests for new patches. Phabricator shutdown timeline

Differential D106917 Diff 362908 llvm/docs/Security.rst

Changeset View

Standalone View

llvm/docs/Security.rst

Show All 25 Lines


Group Composition		Group Composition
=================		=================

Security Group Members		Security Group Members
----------------------		----------------------

The members of the group represent a wide cross-section of the community, and meet the criteria for inclusion below.		The members of the group represent a wide cross-section of the community, and meet the criteria for inclusion below. The list is in the format `* ${full_name} (${affiliation}) [${phabricator_username}]`. If a phabricator username for an individual isn't available, the brackets will be empty.

* Ahmed Bougacha (Apple)		* Ahmed Bougacha (Apple) [ab]
* Artur Pilipenko (Azul Systems Inc)		* Artur Pilipenko (Azul Systems Inc) [apilipenko]
* Dimitry Andric (individual; FreeBSD)		* Dimitry Andric (individual; FreeBSD) [dim]
* Ed Maste (individual; FreeBSD)		* Ed Maste (individual; FreeBSD) [emaste]
* George Burgess IV (Google)		* George Burgess IV (Google) [george.burgess.iv]
* Josh Eads (Sony)		* Josh Eads (Sony) []
* Kate McInnes (Apple)		* Kate McInnes (Apple) []
* Kristof Beyls (ARM)		* Kristof Beyls (ARM) [kristof.beyls]
* Matthew Riley (Google)		* Matthew Riley (Google) [mattdr]
* Oliver Hunt (Apple)		* Oliver Hunt (Apple) [ojhunt]
* Paul Robinson (Sony)		* Paul Robinson (Sony) [probinson]
* Peter Smith (ARM)		* Peter Smith (ARM) [peter.smith]
* Pietro Albini (individual; Rust)		* Pietro Albini (individual; Rust) [pietroalbini]
* Serge Guelton (RedHat)		* Serge Guelton (RedHat) [serge-sans-paille]
* Shayne Hiet-Block (Microsoft)		* Shayne Hiet-Block (Microsoft) [Shayne]
* Steve Klabnik (Oxide Computer Company; Rust)		* Steve Klabnik (Oxide Computer Company; Rust) [steveklabnik]

Criteria		Criteria
--------		--------

* Nominees for LLVM Security Group membership should fall in one of these groups:		* Nominees for LLVM Security Group membership should fall in one of these groups:

- Individual contributors:		- Individual contributors:

Show All 20 Lines	* Additionally, the following are necessary but not sufficient criteria for membership in the LLVM Security Group:
- When nominated as a vendor contact, their position with that vendor remains the same as when originally nominated.		- When nominated as a vendor contact, their position with that vendor remains the same as when originally nominated.
- Nominees are trusted by existing Security Group members to keep communications embargoed while still active.		- Nominees are trusted by existing Security Group members to keep communications embargoed while still active.

Nomination process		Nomination process
------------------		------------------

Anyone who feels they meet these criteria can nominate themselves, or may be nominated by a third party such as an existing LLVM Security Group member. The nomination should state whether the nominee is nominated as an individual, researcher, or as a vendor contact. It should clearly describe the grounds for nomination.		Anyone who feels they meet these criteria can nominate themselves, or may be nominated by a third party such as an existing LLVM Security Group member. The nomination should state whether the nominee is nominated as an individual, researcher, or as a vendor contact. It should clearly describe the grounds for nomination.

FUTURE: where nomination occurs (mailing list, GitHub, etc), can be decided later. See `Discussion Medium`_ below.		For the moment, nominations are generally proposed, discussed, and voted on using Phabricator. An `example nomination is available here`_. The use of Phabricator helps keep membership discussions open, transparent, and easily accessible to LLVM developers in many ways. If, for any reason, a fully-world-readable nomination seems inappropriate, you may `open a new issue`_, and a discussion can be had about the best way to approach nomination, given the constraints that individuals are under.

		Our recommended method of nomination may change as our `Discussion Medium`_ story evolves over time.

Choosing new members		Choosing new members
--------------------		--------------------

If a nomination for LLVM Security Group membership is supported by a majority of existing LLVM Security Group members, then it carries within five business days unless an existing member of the Security Group objects. If an objection is raised, the LLVM Security Group members should discuss the matter and try to come to consensus; failing this, the nomination will succeed only by a two-thirds supermajority vote of the LLVM Security Group.		If a nomination for LLVM Security Group membership is supported by a majority of existing LLVM Security Group members, then it carries within five business days unless an existing member of the Security Group objects. If an objection is raised, the LLVM Security Group members should discuss the matter and try to come to consensus; failing this, the nomination will succeed only by a two-thirds supermajority vote of the LLVM Security Group.

Accepting membership		Accepting membership
--------------------		--------------------
▲ Show 20 Lines • Show All 123 Lines • ▼ Show 20 Lines


.. _CVE process: https://cve.mitre.org		.. _CVE process: https://cve.mitre.org
.. _open a new issue: https://bugs.chromium.org/p/llvm/issues/entry		.. _open a new issue: https://bugs.chromium.org/p/llvm/issues/entry
.. _chromium issue tracker: https://crbug.com		.. _chromium issue tracker: https://crbug.com
.. _GitHub security: https://help.github.com/en/articles/about-maintainer-security-advisories		.. _GitHub security: https://help.github.com/en/articles/about-maintainer-security-advisories
.. _llvm-dev mailing list: https://lists.llvm.org/mailman/listinfo/llvm-dev		.. _llvm-dev mailing list: https://lists.llvm.org/mailman/listinfo/llvm-dev
.. _MITRE: https://cve.mitre.org		.. _MITRE: https://cve.mitre.org
		.. _example nomination is available here: https://reviews.llvm.org/D99232