On Thu, 2017-09-07 at 10:40 +0200, Arend van Spriel wrote:
> Hi Kalle,
>
> Due to recent events we were asked about some vulnerability fixes for
> brcmfmac. We already fixed a couple of things without referring to a
> so-called CVE-ID, which is what people are asking for. Do we have an
> upstream policy on that? I could not really find anything in the
> Documentation folder (but I may have overlooked it). Might be worth
> mentioning in the commit message like with the coverity ids.

Sure. git log --grep "CVE-" shows it being done frequently.

johannes