On Fri, Jun 30, 2023 at 09:14:20AM +0200, Greg Kroah-Hartman wrote: > Because the linux-distros group forces reporters to release information > about reported bugs, and they impose arbitrary deadlines in having those > bugs fixed despite not actually being kernel developers, the kernel > security team recommends not interacting with them at all as this just > causes confusion and the early-release of reported security problems. > > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Yeah, this is good. It might make sense to explicitly detail the rationale in security-bugs.rst (as you have in the commit log), but perhaps that's too much detail. Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> -- Kees Cook
