TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-A / trusted-firmware-a / a88b3c296ab99fb7080de199a0b6291d2b44fceb^! / . / docs / process / security.rst
commita88b3c296ab99fb7080de199a0b6291d2b44fceb[log] [tgz]
authorSandrine Bailleux <sandrine.bailleux@arm.com>Mon Aug 03 10:27:19 2020 +0200
committerSandrine Bailleux <sandrine.bailleux@arm.com>Fri Aug 14 14:51:43 2020 +0200
tree9b881dcf58d6b90ef01e84cf90908cff4f00960e
parentb3385aa08ec68d2c80f9b6c35f0cc4102fa14d36 [diff] [blame]
doc: Stop advising the creation of Phabricator issues

We have noticed that Phabricator (the ticketing system on tf.org [1])
has far less visibility within the community than the mailing list [2].
For this reason, let's drop usage of Phabricator for anything else than
bug reports. For the rest, advise contributors to start a discussion on
the mailing list, where they are more likely to get feedback.

[1] https://developer.trustedfirmware.org/project/board/1/
[2] https://lists.trustedfirmware.org/mailman/listinfo/tf-a

Change-Id: I7d2d3d305ad0a0f8aacc2a2f25eb5ff429853a3f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

diff --git a/docs/process/security.rst b/docs/process/security.rst
index 516eb98..0d59e72 100644
--- a/docs/process/security.rst
+++ b/docs/process/security.rst

@@ -21,12 +21,12 @@
 community of developers and security researchers.
 
 If you think you have found a security vulnerability, please **do not** report
-it in the `issue tracker`_. Instead, please follow the `TrustedFirmware.org
-security incident process`_. One of the goals of this process is to ensure
-providers of products that use TF-A have a chance to consider the implications
-of the vulnerability and its remedy before it is made public. As such, please
-follow the disclosure plan outlined in the process. We do our best to respond
-and fix any issues quickly.
+it in the `issue tracker`_ or on the `mailing list`_. Instead, please follow the
+`TrustedFirmware.org security incident process`_. One of the goals of this
+process is to ensure providers of products that use TF-A have a chance to
+consider the implications of the vulnerability and its remedy before it is made
+public. As such, please follow the disclosure plan outlined in the process. We
+do our best to respond and fix any issues quickly.
 
 Afterwards, we encourage you to write-up your findings about the TF-A source
 code.
@@ -69,6 +69,7 @@
 +-----------+------------------------------------------------------------------+
 
 .. _issue tracker: https://developer.trustedfirmware.org/project/board/1/
+.. _mailing list: https://lists.trustedfirmware.org/mailman/listinfo/tf-a
 
 .. |TFV-1| replace:: :ref:`Advisory TFV-1 (CVE-2016-10319)`
 .. |TFV-2| replace:: :ref:`Advisory TFV-2 (CVE-2017-7564)`