0

docs/security: Add a note about marshal handling email lists.

There have been occasional instances of marshals responding to security
emails and removing the list outright, rather than bcc'ing. This makes
it hard to distinguish between emails that have had responses and those
that have not.

Change-Id: I55feedc97450149a5dac69b6dd79c29eb5b44d3e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2079331
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Commit-Queue: Max Moroz <mmoroz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#745178}
This commit is contained in:
Ken Buchanan
2020-02-27 20:56:14 +00:00
committed by Commit Bot
parent c47f2d3e33
commit d42ebdc8ac

@ -83,6 +83,9 @@ various important responsibilities:
* Note: external emails will always come in on security@chromium.org as
chrome-security@google.com is a Google-only list, but both need to be
triaged.
* When triaging an email to be handled off of the list, make sure to bcc: the
list that it arrived on, so that other people including future marshals can
see that it has been handled.
* Change bugs status to **Fixed** for those that the developer forgets to close.
Make sure to read bug comments where developer might point out that it needs
more CLs, et c. Wait 24 hours before closing ClusterFuzz bugs, to give