RFC: Adding a SECURITY.md document to the Binutils

Siddhesh Poyarekar siddhesh@gotplt.org
Fri Apr 14 13:13:33 GMT 2023


On 2023-04-14 08:49, Richard Earnshaw wrote:
> 
> 
> On 14/04/2023 13:43, Siddhesh Poyarekar wrote:
>> The key is in what a project can feasibly guarantee and IMO the 
>> binutils project is not in a position to guarantee this level of 
>> security.  By putting this into SECURITY.md, we'll be signing 
>> ourselves (and downstream maintainers) up for much more than they can 
>> handle.
> 
> No, that's covered by the warranty: GNU tools come with no warranty ...
>
> What it is about is what we would do if such a vulnerability were 
> discovered.

It's not about what we would do if a vulnerability were discovered.  It 
is about:

1. What is considered a security issue; this ties into contexts in which 
binutils tools can be used safely.

2. How users can report bugs they think may have security consequences.

Sid

