Documentation_SecurityBugs

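This article describes in detail how to report security bugs to the Linux kernel security team, including how to contact the team, the importance of providing detailed information, and the process for disclosing a bug. It emphasizes the importance of quick response and transparent communication.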

Chinese translated version of Documentation/SecurityBugs

If you have any comment or update to the content, please contact the
original document maintainer directly.  However, if you have a problem
communicating in English you can also ask the Chinese maintainer for
help.  Contact the Chinese maintainer if this translation is outdated
or if there is a problem with the translation.

Chinese maintainer: 774945605@qq.com
---------------------------------------------------------------------
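Chinese translation of Documentation/SecurityBugs

If you want to comment on or update the content of this document, please contact
the maintainer of the original document directly. If you have difficulty
communicating in English, you can also ask the Chinese maintainer for help. If
this translation is out of date or there is a problem with the translation,
please contact the Chinese maintainer.

Chinese maintainer: 潘丽卡  774945605@qq.com
Chinese translator: 潘丽卡  774945605@qq.com
Chinese proofreader: 黄佳露  799942107@qq.com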

 


The main text follows
---------------------------------------------------------------------


Linux kernel developers take security very seriously.  As such, we'd
like to know when a security bug is found so that it can be fixed and
disclosed as quickly as possible.  Please report security bugs to the
Linux kernel security team.

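Linux kernel developers attach great importance to system security. We therefore
want to know when a security bug is found, so that it can be fixed and disclosed
as quickly as possible. Please report security bugs to the Linux kernel security team.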


1) Contact

Contact

The Linux kernel security team can be contacted by email at
<security@kernel.org>.  This is a private list of security officers
who will help verify the bug report and develop and release a fix.
It is possible that the security team will bring in extra help from
area maintainers to understand and fix the security vulnerability.

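The Linux kernel security team can be contacted by email at <security@kernel.org>.
This is a private group of security officers who will help verify the bug report
and track and fix the bug. They may also ask area maintainers for help in
understanding and fixing the security vulnerability.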


As it is with any bug, the more information provided the easier it
will be to diagnose and fix.  Please review the procedure outlined in
REPORTING-BUGS if you are unclear about what information is helpful.
Any exploit code is very helpful and will not be released without
consent from the reporter unless it has already been made public.

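As with any bug, the more information provided, the easier it is to diagnose and
fix. If you are unclear about what information is helpful, please review the bug
reporting procedure outlined in REPORTING-BUGS. Any exploit code is very helpful
and will not be released without the reporter's consent unless it has already
been made public.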

2) Disclosure

Disclosure

The goal of the Linux kernel security team is to work with the
bug submitter to bug resolution as well as disclosure.  We prefer
to fully disclose the bug as soon as possible.  It is reasonable to
delay disclosure when the bug or the fix is not yet fully understood,
the solution is not well-tested or for vendor coordination.  However, we
expect these delays to be short, measurable in days, not weeks or months.

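The goal of the Linux kernel security team is to work with the bug submitter on
both resolving and disclosing the bug. We would like to fully disclose the bug as
soon as possible. Disclosure may be delayed when the bug or the fix is not yet
fully understood, when the solution is not yet working well, or when vendors have
not yet been coordinated with. However, we expect these delays to be short,
measurable in days rather than weeks or months.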


A disclosure date is negotiated by the security team working with the
bug submitter as well as vendors.  However, the kernel security team
holds the final say when setting a disclosure date.  The timeframe for
disclosure is from immediate (esp. if it's already publicly known)
to a few weeks.  As a basic default policy, we expect report date to
disclosure date to be on the order of 7 days.

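The disclosure date is negotiated jointly by the kernel security team, the bug
submitter and vendors, but the kernel security team has the final say. The time
to disclosure ranges from immediate (if the bug is already public) to a few weeks.
As a basic default policy, we expect the interval between the report date and the
disclosure date to be preferably no more than 7 days.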


3) Non-disclosure agreements

Non-disclosure agreements

The Linux kernel security team is not a formal body and therefore unable
to enter any non-disclosure agreements.

The Linux kernel security team is not a formal body and therefore cannot enter
into any non-disclosure agreements.

 
