Re: [PATCH v4] Documentation: Document the Linux Kernel CVE process

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 16 Feb 2024, Josh Poimboeuf wrote:

> - Not users of -stable since they already know they need to be on the
>   latest version.
> 
> - Not distros or their users as it's just flooding them with low quality
>   CVEs which have no analysis or scoring.
> 
> And enterprise distros will never be able to rebase onto -stable,
> especially for older streams for which they have to be very selective,
> in order to avoid destabilizing them.  As you say, "a bug is a bug".

Now that you have played the distro card (thanks!) here, let me just copy 
my comment from LWN where someone suggested "well, it's easy, it's the job 
of the [paid] distros to do the triage" ...

The problem is, that with this new system, paid distros are going to 
suffer a big time (with no benefit to anybody at all). We'll have to put a 
lot of productive and creative (upstream) work on hold in order to have 
enough resources to sort out the havoc that LTS team is apparently going 
to create by DoSing the world with a truckload of irrelevant CVEs.

-- 
Jiri Kosina
SUSE Labs





[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux