From ecad5b8966dd098fdc37dc448d66841bc6148131 Mon Sep 17 00:00:00 2001 From: Sandrine Bailleux Date: Wed, 12 Aug 2020 10:52:32 +0200 Subject: [PATCH 1/2] doc: Emphasize that security issues must not be reported as normal bugs Change-Id: I43e452c9993a8608b20ec029562982f5dcf8e6b2 Signed-off-by: Sandrine Bailleux --- docs/process/security.rst | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/docs/process/security.rst b/docs/process/security.rst index 0d59e723c..a3b9971e4 100644 --- a/docs/process/security.rst +++ b/docs/process/security.rst @@ -20,13 +20,15 @@ Found a Security Issue? Although we try to keep TF-A secure, we can only do so with the help of the community of developers and security researchers. -If you think you have found a security vulnerability, please **do not** report -it in the `issue tracker`_ or on the `mailing list`_. Instead, please follow the -`TrustedFirmware.org security incident process`_. One of the goals of this -process is to ensure providers of products that use TF-A have a chance to -consider the implications of the vulnerability and its remedy before it is made -public. As such, please follow the disclosure plan outlined in the process. We -do our best to respond and fix any issues quickly. +.. warning:: + If you think you have found a security vulnerability, please **do not** + report it in the `issue tracker`_ or on the `mailing list`_. Instead, please + follow the `TrustedFirmware.org security incident process`_. + +One of the goals of this process is to ensure providers of products that use +TF-A have a chance to consider the implications of the vulnerability and its +remedy before it is made public. As such, please follow the disclosure plan +outlined in the process. We do our best to respond and fix any issues quickly. Afterwards, we encourage you to write-up your findings about the TF-A source code. From 155eac294a9e27e177339a36eeabbaf5025795d1 Mon Sep 17 00:00:00 2001 From: Sandrine Bailleux Date: Wed, 12 Aug 2020 13:41:41 +0200 Subject: [PATCH 2/2] doc: Mention the TF-A Tech Forum as a way to contact developers Change-Id: Ib4ad853ebb6e28adcf9ed14714d43799f9370343 Signed-off-by: Sandrine Bailleux --- docs/about/contact.rst | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/about/contact.rst b/docs/about/contact.rst index 7c6a5de78..4440a371a 100644 --- a/docs/about/contact.rst +++ b/docs/about/contact.rst @@ -24,6 +24,15 @@ The relevant lists for the TF-A project are: You can see a `summary of all the lists`_ on the TrustedFirmware.org website. +Open Tech Forum Call +^^^^^^^^^^^^^^^^^^^^ + +Every other week, we organize a call with all interested TF-A contributors. +Anyone is welcome to join. This is an opportunity to discuss any technical +topic within the community. More details can be found `here`_. + +.. _here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/ + Issue Tracker ^^^^^^^^^^^^^