From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-bounces+public-inbox=simark.ca@sourceware.org>
Received: from simark.ca
	by simark.ca with LMTP
	id KKqxADdMOWQ3mSsAWB0awg
	(envelope-from <gdb-bounces+public-inbox=simark.ca@sourceware.org>)
	for <public-inbox@simark.ca>; Fri, 14 Apr 2023 08:51:03 -0400
Received: by simark.ca (Postfix, from userid 112)
	id E8B341E221; Fri, 14 Apr 2023 08:51:02 -0400 (EDT)
Authentication-Results: simark.ca;
	dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.a=rsa-sha256 header.s=default header.b=CFcrq2nC;
	dkim-atps=neutral
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on simark.ca
X-Spam-Level: 
X-Spam-Status: No, score=-6.3 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,NICE_REPLY_A,
	RCVD_IN_DNSWL_MED,URIBL_BLOCKED autolearn=ham autolearn_force=no
	version=3.4.6
Received: from sourceware.org (server2.sourceware.org [8.43.85.97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by simark.ca (Postfix) with ESMTPS id 9D33F1E110
	for <public-inbox@simark.ca>; Fri, 14 Apr 2023 08:51:02 -0400 (EDT)
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id DA5D63858428
	for <public-inbox@simark.ca>; Fri, 14 Apr 2023 12:51:01 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org DA5D63858428
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1681476661;
	bh=w951xtGEMLo82QWpM4gFAby/hB9nNdqtsGli9oV3osc=;
	h=Date:Subject:To:Cc:References:In-Reply-To:List-Id:
	 List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:
	 From:Reply-To:From;
	b=CFcrq2nC0g3X+LHnzCk+tbjRWMVt0sW7gpwAMiY4GtFxUTz7NSawAfYatRk23+U/s
	 4ahFiVH0waeQ9jAApWwQ8SysEESXZljfexzItSDFBEe7GLl6ggVRICIpkj6OtHtWta
	 WKqd0V8I1b1tYv0ByYZ8dh3WO2/Wvor45dRiI16Y=
Received: from foss.arm.com (foss.arm.com [217.140.110.172])
 by sourceware.org (Postfix) with ESMTP id 9A86F3858D32;
 Fri, 14 Apr 2023 12:49:27 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 9A86F3858D32
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id CD6622F4;
 Fri, 14 Apr 2023 05:50:11 -0700 (PDT)
Received: from [10.2.78.76] (unknown [10.2.78.76])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 9E07C3F6C4;
 Fri, 14 Apr 2023 05:49:26 -0700 (PDT)
Message-ID: <5f5c6b67-ecb3-7bae-8ff3-eca91279605e@foss.arm.com>
Date: Fri, 14 Apr 2023 13:49:25 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.9.0
Subject: Re: RFC: Adding a SECURITY.md document to the Binutils
Content-Language: en-GB
To: Siddhesh Poyarekar <siddhesh@gotplt.org>, Nick Clifton
 <nickc@redhat.com>, Binutils <binutils@sourceware.org>
Cc: "gdb@sourceware.org" <gdb@sourceware.org>
References: <1c38b926-e003-0e21-e7f1-3d5dbec2aabf@redhat.com>
 <5b147005-bd28-4cf9-b9e7-479ef02cb1ad@foss.arm.com>
 <5d044987-39eb-a060-1b2b-9d07b1515e7d@gotplt.org>
 <b526c591-760e-bec1-c267-019aae0fde36@foss.arm.com>
 <73bc480a-a927-2773-8756-50350f76dfbf@gotplt.org>
 <4ed86e65-0b7f-11d4-8061-2c5d0b1e147e@foss.arm.com>
 <7b6b10f8-e480-8efa-fbb8-4fc4bf2cf356@gotplt.org>
 <eaa76d6a-84eb-fa79-5a1a-4953e02ccabc@foss.arm.com>
 <c9cc65ae-88a4-20ed-ebbe-e05ad99dc8be@gotplt.org>
 <0224757b-6b17-f82d-c0bf-c36042489f5e@foss.arm.com>
 <01e846c0-c6bf-defe-0563-1ed6309b7038@gotplt.org>
 <2d4c7f13-8a35-3ce5-1f90-ce849a690e66@foss.arm.com>
 <01b8e177-abfd-549e-768f-1995cab5c81d@gotplt.org>
 <fae638f2-333c-1e62-5df4-154c590a862e@foss.arm.com>
 <d17d09fd-a3be-1e97-2b26-01e8861c6c32@gotplt.org>
 <43912382-2d32-9fff-8dad-5c41491eb804@foss.arm.com>
 <613a6e55-846c-9f1f-cfd0-046b52487ae3@gotplt.org>
 <b08b6a71-e681-c205-cc7a-05e771b4a99a@foss.arm.com>
 <b92bcb10-71c0-610a-6cca-0360fc2d4f8c@gotplt.org>
In-Reply-To: <b92bcb10-71c0-610a-6cca-0360fc2d4f8c@gotplt.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-BeenThere: gdb@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gdb mailing list <gdb.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/gdb>,
 <mailto:gdb-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/gdb/>
List-Post: <mailto:gdb@sourceware.org>
List-Help: <mailto:gdb-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/gdb>,
 <mailto:gdb-request@sourceware.org?subject=subscribe>
From: Richard Earnshaw via Gdb <gdb@sourceware.org>
Reply-To: Richard Earnshaw <Richard.Earnshaw@foss.arm.com>
Errors-To: gdb-bounces+public-inbox=simark.ca@sourceware.org
Sender: "Gdb" <gdb-bounces+public-inbox=simark.ca@sourceware.org>



On 14/04/2023 13:43, Siddhesh Poyarekar wrote:
> They key is in what a project can feasibly guarantee and IMO the 
> binutils project is not in a position to guarantee this level of 
> security.  By putting this into SECURITY.md, we'll be signing ourselves 
> (and downstream maintainers) up for much more than they can handle.

No, that's covered by the warranty: GNU tools come with no warranty ...

What it is about is what we would do if such a vulnerability were 
discovered.

R.