Bugs
====

Report **any bugs** you **think** you **may** have found because you are
working with the **latest and greatest drivers**! If your bug is
backport compatibility-related then we should still try to fix it within
the compatibility layer. If you are not sure you can let us help you.
**To date we have only have identified 2 backport related bugs**, all
other reported bugs were **real bugs** in **actual upstream** code!

We are working on a bugzilla entry for compat / compat-drivers, until
then please report all bugs you think you my have found to the
:doc:`backports mailing list <mailing_list>` and if you know what subsystem
you think the bug belongs to Cc: the respective mailing list. Remember
that chances are **high** that the bug is not a backport bug but instead
a real upstream bug that **must** be fixed.

What mailing lists to report bugs to
------------------------------------

Always use: **backports@vger.kernel.org** and then use one of the
following mailing lists depending on the subsystem from where your
driver belongs:

- bluetooth: linux-bluetooth@vger.kernel.org
- wireless: linux-wireless@vger.kernel.org
- ethernet: netdev@vger.kernel.org

Reporting security vulnerabilities
----------------------------------

If you have a security vulnerabilities issue to report and you know it
is backports related you can report this directly to the maintainers:

- hauke@hauke-m.de
- mcgrof@kernel.org
- johannes@sipsolutions.net

The report will be handled in private, once the issue is fixed and
propagated to users, the security fix will be disclosed and documented.
As of date we have had no security vulnerabilities issues reported.
Until then this page can be used to track updates on vulnerabilities
related to Linux backports. The attack surface to Linux backports
consists about 1-2% of code, this varies depending on what kernel you
are on. The older kernel you are on the higher the security risk.
Security issues on Linux should affect users of Linux backports if the
code is carried over into backports, fixes for that are addressed
through new release of backports with the corresponding upstream fixes.
Security fixes for Linux belong upstream on Linux, not on Linux
backports. To learn how to report Linux kernel security issues refer to
`SecurityBugs documentation
<https://www.kernel.org/doc/Documentation/SecurityBugs>`__.

Bugzilla
--------

The Linux kernel bugzilla has an entry for backport bugs.

Reporting new backport bugs
~~~~~~~~~~~~~~~~~~~~~~~~~~~

To record a new bug:

#. access the `Backports project <https://bugzilla.kernel.org/enter_bug.cgi?product=Backports%20project>`__ section of Bugzilla
#. select the *backports* component (it is the only component available)

Viewing bugs by status
----------------------

-  [https://bugzilla.kernel.org/buglist.cgi?query_format=specific&order=relevance+desc&bug_status=__open__&product=Backports+project&content=. View open bugs]
-  [https://bugzilla.kernel.org/buglist.cgi?query_format=specific&order=relevance+desc&bug_status=__closed__&product=Backports+project&content=. View closed bugs]