mirror of
https://github.com/llvm/llvm-project.git
synced 2025-04-16 13:16:49 +00:00
c9dbaa4c86
To track security issues, we're starting with the chromium bug tracker (using the llvm project there). We considered using Github Security Advisories. However, they are currently intended as a way for project owners to publicize their security advisories, and aren't well-suited to reporting issues. This also moves the issue-reporting paragraph to the beginning of the document, in part to make it more discoverable, in part to allow the anchor-linking to actually display the paragraph at the top of the page. Note that this doesn't update the concrete list of security-sensitive areas, which is still an open item. When we do, we may want to move the list of security-sensitive areas next to the issue-reporting paragraph as well, as it seems like relevant information needed in the reporting process. Finally, when describing the discission medium, this splits the topics discussed into two: the concrete security issues, discussed in the issue tracker, and the logistics of the group, in our mailing list, as patches on public lists, and in the monthly sync-up call. While there, add a SECURITY.md page linking to the relevant paragraph. Differential Revision: https://reviews.llvm.org/D100873
The LLVM Compiler Infrastructure ================================ This directory and its subdirectories contain source code for LLVM, a toolkit for the construction of highly optimized compilers, optimizers, and runtime environments. LLVM is open source software. You may freely distribute it under the terms of the license agreement found in LICENSE.txt. Please see the documentation provided in docs/ for further assistance with LLVM, and in particular docs/GettingStarted.rst for getting started with LLVM and docs/README.txt for an overview of LLVM's documentation setup. If you are writing a package for LLVM, see docs/Packaging.rst for our suggestions.