andrius
/
arm-trusted-firmware
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge changes from topic "sb/contribution-guidelines" into integration 

* changes:
  doc: Mention the TF-A Tech Forum as a way to contact developers
  doc: Emphasize that security issues must not be reported as normal bugs
This commit is contained in:
Mark Dykes 2020-08-14 19:59:57 +00:00 committed by TrustedFirmware Code Review
parent 8cbccbdca4 155eac294a
commit fe6a3d1a33
2 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/about/contact.rst
View File

@ -24,6 +24,15 @@ The relevant lists for the TF-A project are:
You can see a `summary of all the lists`_ on the TrustedFirmware.org website.
Open Tech Forum Call
^^^^^^^^^^^^^^^^^^^^
Every other week, we organize a call with all interested TF-A contributors.
Anyone is welcome to join. This is an opportunity to discuss any technical
topic within the community. More details can be found `here`_.
.. _here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/
Issue Tracker
^^^^^^^^^^^^^

16
docs/process/security.rst
View File

@ -20,13 +20,15 @@ Found a Security Issue?
Although we try to keep TF-A secure, we can only do so with the help of the
community of developers and security researchers.
If you think you have found a security vulnerability, please **do not** report
it in the `issue tracker`_ or on the `mailing list`_. Instead, please follow the
`TrustedFirmware.org security incident process`_. One of the goals of this
process is to ensure providers of products that use TF-A have a chance to
consider the implications of the vulnerability and its remedy before it is made
public. As such, please follow the disclosure plan outlined in the process. We
do our best to respond and fix any issues quickly.
.. warning::
If you think you have found a security vulnerability, please **do not**
report it in the `issue tracker`_ or on the `mailing list`_. Instead, please
follow the `TrustedFirmware.org security incident process`_.
One of the goals of this process is to ensure providers of products that use
TF-A have a chance to consider the implications of the vulnerability and its
remedy before it is made public. As such, please follow the disclosure plan
outlined in the process. We do our best to respond and fix any issues quickly.
Afterwards, we encourage you to write-up your findings about the TF-A source
code.