finished translation #128
Closed
finished translation #128
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
tttturtle-russ
requested changes
Jul 24, 2024
| Many kernel mailing lists reject HTML formatted messages, so use the plain text mode when sending the report. | ||
| 请将发现的错误报告给 Linux 内核维护人员。 | ||
| 要找出负责特定内核子系统的维护者列表,请使用 [get_maintainer.pl](https://github.com/torvalds/linux/blob/master/scripts/get_maintainer.pl) 脚本:`./scripts/get_maintainer.pl -f guilty_file.c`。 请将 `[email protected]` 添加到抄送列表。 | ||
| 确保在报告中明确指出发生错误的确切内核分支和版本号。 |
| Note that people are more likely to care about kernel crashes (e.g. use-after-frees or panics) than of INFO: messages and such, unless it is clearly visible from the report what exactly is wrong. | ||
| If there are stalls or hangs, only report them if they are frequent enough or have a reliable reproducer. | ||
| 在提交报告前需要字斟句酌。 | ||
| 如今,Linux 维护者被日益增加的bug报告淹没了,因此仅仅增加报告的提交量无助于解决bug本身。 |
| The more actionable your report is, the higher the chance that it will be addressed. | ||
| Note that people are more likely to care about kernel crashes (e.g. use-after-frees or panics) than of INFO: messages and such, unless it is clearly visible from the report what exactly is wrong. | ||
| If there are stalls or hangs, only report them if they are frequent enough or have a reliable reproducer. | ||
| 在提交报告前需要字斟句酌。 |
| 在提交报告前需要字斟句酌。 | ||
| 如今,Linux 维护者被日益增加的bug报告淹没了,因此仅仅增加报告的提交量无助于解决bug本身。 | ||
| 您的报告越详细越具有可操作性,解决它的可能性就越大。 | ||
| 请注意,人们更关心内核崩溃 (例如 use-after-frees 或者 panics) 而非仅仅是 INFO:错误信息或者类似的信息,除非从报告中清楚地指出了到底在哪里出现了什么具体问题。 |
| Check that the reproducer works if you run it manually. | ||
| Syzkaller tries to simplify the reproducer, but the result might not be ideal. | ||
| You can try to simplify or annotate the reproducer manually, that greatly helps kernel developers to figure out why the bug occurs. | ||
| 总体而言,没有复制器(reproducers)的错误不太可能被分类和修复。 |
| If you want to deal with the disclosure yourself, read below. | ||
| 1. 私下将错误报告给 `[email protected]`. 在这种情况下,它应该在上游内核中修复,但不能保证修复程序会传播到稳定版或发行版内核。此清单上的最长禁止公开披露期限为7天。 | ||
| 2. 私下向例如 Red Hat (`[email protected]`) 或者 SUSE (`[email protected]`) 等供应商报告错误. 他们应该修复错误,分配 CVE,并通知其他供应商。 | ||
| 3. 这些名单上的最长禁运期限 embargo 为5周。 |
| 2. 通过 [Web 表单](https://cveform.mitre.org/)向 MITRE 请求 CVE。. 描述 bug 详细信息,并在请求中添加指向修复的链接 (`patchwork.kernel.org`, `git.kernel.org` 或者 `github.com`). | ||
| 3. 分配 CVE 后,将 bug 详细信息、CVE 编号和修复链接发送到 `[email protected]`. | ||
|
|
||
| ### 报告主要安全漏洞 |
|
把两个commit合并一下,保持commit历史干净 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
完成翻译