From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.65, mailfrom: jian.j.wang@intel.com) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by groups.io with SMTP; Sun, 14 Apr 2019 22:36:26 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 14 Apr 2019 22:36:25 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.60,352,1549958400"; d="scan'208";a="161923687" Received: from fmsmsx104.amr.corp.intel.com ([10.18.124.202]) by fmsmga004.fm.intel.com with ESMTP; 14 Apr 2019 22:36:25 -0700 Received: from fmsmsx117.amr.corp.intel.com (10.18.116.17) by fmsmsx104.amr.corp.intel.com (10.18.124.202) with Microsoft SMTP Server (TLS) id 14.3.408.0; Sun, 14 Apr 2019 22:36:25 -0700 Received: from shsmsx108.ccr.corp.intel.com (10.239.4.97) by fmsmsx117.amr.corp.intel.com (10.18.116.17) with Microsoft SMTP Server (TLS) id 14.3.408.0; Sun, 14 Apr 2019 22:36:24 -0700 Received: from shsmsx107.ccr.corp.intel.com ([169.254.9.153]) by SHSMSX108.ccr.corp.intel.com ([169.254.8.147]) with mapi id 14.03.0415.000; Mon, 15 Apr 2019 13:36:23 +0800 From: "Wang, Jian J" To: "devel@edk2.groups.io" , "lersek@redhat.com" CC: "Zimmer, Vincent" , "Cetola, Stephano" , "Gao, Liming" Subject: Re: [edk2-devel] [RFC] Propose update of security bug handling process Thread-Topic: [edk2-devel] [RFC] Propose update of security bug handling process Thread-Index: AdTxCJTjh1H4x3rETfezbyxAIi9GwP//xbaA//tegYA= Date: Mon, 15 Apr 2019 05:36:22 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiYjZmM2RiZGItMGM1Ni00YzgxLThjY2MtNTQxOWM5YTUzYzYxIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiUzFEWGVYb2o5MFUrZGpVOU1CUkxVakwwYjdUXC9HZkplcUVtdjlJR1JLcGNoVlRNY21OK2hrRkpTRjF4TTROZ1MifQ== x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.600.7 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: jian.j.wang@intel.com Content-Language: en-US Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 TGFzemxvLA0KDQoNCj4gLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCj4gRnJvbTogZGV2ZWxA ZWRrMi5ncm91cHMuaW8gW21haWx0bzpkZXZlbEBlZGsyLmdyb3Vwcy5pb10gT24gQmVoYWxmIE9m DQo+IExhc3psbyBFcnNlaw0KPiBTZW50OiBGcmlkYXksIEFwcmlsIDEyLCAyMDE5IDg6NTIgUE0N Cj4gVG86IFdhbmcsIEppYW4gSiA8amlhbi5qLndhbmdAaW50ZWwuY29tPg0KPiBDYzogZGV2ZWxA ZWRrMi5ncm91cHMuaW87IFppbW1lciwgVmluY2VudCA8dmluY2VudC56aW1tZXJAaW50ZWwuY29t PjsNCj4gQ2V0b2xhLCBTdGVwaGFubyA8c3RlcGhhbm8uY2V0b2xhQGludGVsLmNvbT47IEdhbywg TGltaW5nDQo+IDxsaW1pbmcuZ2FvQGludGVsLmNvbT4NCj4gU3ViamVjdDogUmU6IFtlZGsyLWRl dmVsXSBbUkZDXSBQcm9wb3NlIHVwZGF0ZSBvZiBzZWN1cml0eSBidWcgaGFuZGxpbmcgcHJvY2Vz cw0KPiANCj4gKERyb3BwaW5nIGJ1Z3NAZWRrMi5ncm91cHMuaW8gPGJ1Z3NAZWRrMi5ncm91cHMu aW8+IGZyb20gdGhlIGFkZHJlc3MNCj4gbGlzdCwgYXMgdGhhdCBzaG91bGQgYmUgYSBsaXN0IHRv IHJlY2VpdmUgYXV0b21hdGVkIEJ1Z3ppbGxhIGVtYWlsLikNCj4gDQo+IE9uIDA0LzEyLzE5IDEw OjQzLCBXYW5nLCBKaWFuIEogd3JvdGU6DQo+ID4gSGksDQo+ID4NCj4gPiBDdXJyZW50bHksIHdl IGdlbmVyYWxseSBmb2xsb3cgYmVsb3cgcHJvY2VzcyB0byBoYW5kbGUgc2VjdXJpdHkgYnVncy4N Cj4gPiBCdXQgdGhlcmUncmUgbm8gZG9jdW1lbnQgdG8gZGVzY3JpYmUgdGhlIGRldGFpbGVkIHdv cmtpbmcgZmxvdy4gVGhlcmUncmUNCj4gPiBhbHNvIGRpc2N1c3Npb25zIG9uIGxhY2tpbmcgb2Yg aW1wb3J0YW50IGluZm9ybWF0aW9uLCBwb29yIGlzc3VlIGRlc2NyaXB0aW9uDQo+ID4gYW5kIG5v IHRpbWVseSBub3RpZmljYXRpb24gb24gdXBkYXRlLCBldGMuDQo+ID4NCj4gPiAgICAgICAgIjAg LSBOZXcgU2VjdXJpdHkgQnVnIg0KPiA+ICAgLT4gIjEgLSBUcmlhZ2UiDQo+ID4gICAtPiAiMiAt IE1pdGlnYXRpb24iDQo+ID4gICAtPiAiMyAtIEVtYmFyZ28iDQo+ID4gICAtPiAiNCAtIERpc2Ns b3N1cmUiDQo+ID4gICAtPiAiNSAtIEV4aXQiOw0KPiA+DQo+ID4gSSBoYXZlIGEgcHJvcG9zYWwg YXQgZm9sbG93aW5nIHBhZ2UgdG8gZWxhYm9yYXRlIHRoZSBwcm9jZXNzIGFuZCB0cnkgdG8gYWRk cmVzcw0KPiA+IGFsbCBwcm9ibGVtcyByZXBvcnRlZCBzbyBmYXIuIEZvbGxvd2luZyBjb250ZW50 IGlzIGZvciBkaXNjdXNzaW9uIG9ubHkuIE9uY2UgdGhlDQo+ID4gcHJvY2VzcyBpcyBmaW5hbGl6 ZWQsIGl0IHdpbGwgYmUgbW92ZWQgdG8gb2ZmaWNpYWwgZWRrMiB3aWtpIHBhZ2UuDQo+ID4NCj4g PiBodHRwczovL2dpdGh1Yi5jb20vandhbmczNi90aWFub2NvcmUuZ2l0aHViLmlvL3dpa2kvUHJv cG9zYWwtb2Ytc2VjdXJpdHktDQo+IGlzc3VlLXByb2Nlc3MNCj4gPg0KPiA+IEFueSBvcGluaW9u cyBhbmQgc3VnZ2VzdGlvbnMgYXJlIHdlbGNvbWVkLg0KPiANCj4gVGhhbmtzIGZvciB3b3JraW5n IG9uIHRoaXMhDQo+IA0KPiBJJ3ZlIHNraW1tZWQgdGhlIGRpYWdyYW1zLiBJIGhhdmUgb25lIHN1 Z2dlc3Rpb24gYW5kIG9uZSByZXF1ZXN0IGZvcg0KPiBjbGFyaWZpY2F0aW9uLg0KPiANCj4gDQo+ IC0gU3VnZ2VzdGlvbjogYSBDVkUgbnVtYmVyIHNob3VsZCBiZSByZXF1ZXN0ZWQgKGlmIGFwcHJv cHJpYXRlKSBhcyBzb29uDQo+IGFzIHRoZSBDVlNTIHNjb3JlIChpLmUuIHRoZSBuYXR1cmUgb2Yg dGhlIHZ1bG5lcmFiaWxpdHkpIGhhcyBiZWVuDQo+IGNhbGN1bGF0ZWQsIGFuZCBpdCBoYXMgYmVl biBkZXRlcm1pbmVkIHdoZXRoZXIgcGxhdGZvcm1zIGluIHByYWN0aWNlDQo+IChib3RoIHBoeXNp Y2FsIGFuZCB2aXJ0dWFsKSBhcmUgYWZmZWN0ZWQuDQo+IA0KPiBUaGlzIGlzIGltcG9ydGFudCBi ZWNhdXNlIHZlbmRvcnMgc2hvdWxkIGhhdmUgYSBjb21tb24gKGNyb3NzLXZlbmRvcikNCj4gcmVm ZXJlbmNlIGZvciB0cmFja2luZyB0aGUgaXNzdWUgZXZlbiBpbiB0aGVpciBvd24gaW50ZXJuYWwg c3lzdGVtcywgYW5kDQo+IHRoaXMgcmVmZXJlbmNlIHNob3VsZCBiZSBhdmFpbGFibGUgdG8gYWxs IHZlbmRvcnMgaW50ZXJuYWxseSBhcyBzb29uIGFzDQo+IHVwc3RyZWFtIGRldGVybWluZXMgdGhl IGlzc3VlIGhhcyBzZWN1cml0eSBpbXBhY3QuDQo+IA0KPiBBZGRpdGlvbmFsbHksIGFzIHNvb24g YXMgbWVtYmVycyBiZWdpbiBjb2xsYWJvcmF0aW5nIG9uIGFjdHVhbCBwYXRjaGVzLA0KPiB0aGUg cGF0Y2hlcyBzaG91bGQgY2FycnkgdGhlIENWRSBudW1iZXIgaW4gdGhlIHN1YmplY3QgbGluZShz KS4NCj4gDQoNCk5vIHN0cm9uZyBvcGluaW9uLiBJZiBubyBvYmplY3Rpb24sIGxldCdzIGRvIGFz IHlvdSBzdWdnZXN0ZWQuDQoNCj4gDQo+IC0gUmVxdWVzdCBmb3IgY2xhcmlmaWNhdGlvbjogdGhl IEVtYmFyZ28gZGlhZ3JhbSBzaG91bGQgY2xhcmlmeSB0aGF0DQo+IHZlbmRvcnMgYXJlICpmb3Ji aWRkZW4qIGZyb20gc2hpcHBpbmcgZml4ZXMgaW4gdGhlaXIgb3duIHByb2R1Y3RzLA0KPiByZWdh cmRsZXNzIG9mIGZvcm1hdCwgdW50aWwgdGhlIGVtYmFyZ28gaXMgbGlmdGVkLiBUaGUgcG9pbnQg b2YgYW4NCj4gZW1iYXJnbyBpcyB0byByZWxlYXNlL3NoaXAgdGhlIGZpeGVzIGFsbCBhdCBvbmNl LCBhY3Jvc3MgYWxsIHZlbmRvcnMuDQo+IA0KPiBJdCdzIE9LIHRvIHdhaXQgZm9yIGEgd2hpbGUg YmV0d2VlbiAiMy41IEFubm91bmNlIEVtYmFyZ28gRW5kIiwgYW5kICI0LjMNCj4gT3BlbiBCWiBU byBQdWJsaWMiIC8gIjQuNCBPcGVuIHNvdXJjZSB0aGUgcGF0Y2giLiBUaGF0J3MgdGhlIGludGVy dmFsDQo+IHdoZW4gdmVuZG9ycyB3b3VsZCByZWxlYXNlIHRoZWlyIGZpeGVzIGFsbCB0b2dldGhl ci4NCj4gDQo+IEl0J3MgKm5vdCogT0ssIGZvciBhbnkgdmVuZG9yLCB0byBzaGlwIHRoZWlyIG93 biBmaXhlcyBiZWZvcmUgIjMuNQ0KPiBBbm5vdW5jZSBFbWJhcmdvIEVuZCIuDQo+IA0KPiBZZXMs IHRoaXMgbWVhbnMgdGhhdCBzb21lIHZlbmRvcnMgd2lsbCBoYXZlIHRvIHdhaXQgb24gb3RoZXIg dmVuZG9ycywNCj4gYW5kIHNvbWUgdmVuZG9ycyB3aWxsIGhhdmUgdG8gd29yayBtb3JlIGhhc3Rp bHkgdGhhbiB0aGV5IGFyZSB1c2VkIHRvLA0KPiBmb3IgdGhlIHNha2Ugb2Ygb3RoZXIgdmVuZG9y cy4gVGhpcyBpcyB3aGF0IGNvb3JkaW5hdGVkL3Jlc3BvbnNpYmxlDQo+IGRpc2Nsb3N1cmUgbWVh bnMsIGFuZCBpdCBhaW1zIHRvIGJlbmVmaXQgdGhlIGN1bXVsYXRpdmUgdXNlciBiYXNlLg0KDQpJ IHRoaW5rIGl0J3MgaW1wcmFjdGljYWwgdG8gYXNrIGFsbCB2ZW5kb3JzIHRvIHJlbGVhc2UgdGhl IGZpeGVzIGF0IHRoZSBzYW1lDQp0aW1lLiBUaGUgbG9uZ2VyIGEgc2VjdXJpdHkgaXNzdWUgZXhp c3RzIGluIGEgcHJvZHVjdCwgdGhlIG1vcmUgZGFtYWdlDQptYXkgYmUgY2F1c2VkIHBvdGVudGlh bGx5LiBJIGRvbid0IHRoaW5rIGFueSB2ZW5kb3Igd2FudCB0byByaXNrIHRoYXQuIEJ1dA0KaXQn cyByZWFzb25hYmxlIGFuZCBmZWFzaWJsZSB0byBhc2sgdmVuZG9ycyBub3QgdG8gZXhwb3NlIHRo ZSBpc3N1ZSBkZXRhaWxzDQppbiB0aGUgZW1iYXJnbyBwZXJpb2QuDQoNClNvIG15IHVuZGVyc3Rh bmRpbmcgaXMgdGhhdCBlbWJhcmdvIGlzIGZvciBwcmVwYXJpbmcgdGhlIHNlY3VyaXR5IGlzc3Vl DQppbmZvcm1hdGlvbiBkaXNjbG9zdXJlIHB1cnBvc2UsIGR1cmluZyB3aGljaCBhbGwgdmVuZG9y cyBzaG91bGQgaW50ZWdyYXRlDQp0aGUgbWl0aWdhdGlvbiBzb2x1dGlvbiBpbnRvIHRoZWlyIHBy b2R1Y3RzLiBBY3R1YWxseSwgb25jZSBzb21lb25lIGVsc2UNCmZpbmQgdGhlIHNhbWUgaXNzdWUg YW5kIG9wZW4gaXQgdG8gcHVibGljIGluIHRoZSBwZXJpb2QsIHdlIHNob3VsZCBlbmQgdGhlDQpl bWJhcmdvIGltbWVkaWF0ZWx5LiBUaGlzIHN0ZXAgaXMgbWlzc2luZyBpbiB0aGUgd29yayBmbG93 IGNoYXJ0Lg0KDQpWaW5jZW50LCBwbGVhc2UgY29ycmVjdCBtZSBpZiBhbnl0aGluZyB3cm9uZyBo ZXJlLg0KDQpSZWdhcmRzLA0KSmlhbg0KPiANCj4gVGhhbmtzDQo+IExhc3psbw0KPiANCj4gDQoN Cg==