On 07-09-17 10:59, Johannes Berg wrote:
On Thu, 2017-09-07 at 10:40 +0200, Arend van Spriel wrote:
Hi Kalle,
Due to recent events we were asked about some vulnerability fixes
for
brcmfmac. We already fixed a couple of things without referring to a
so-called CVE-ID, which is what people are asking for. Do we have a
upstream policy on that? I could not really find anything in the
Documentation folder (but I may have overlooked it). Might be worth
mentioning in the commit message like with the coverity ids.
Sure.
git log --grep "CVE-"
shows it being done frequently.
Right. Failed to do the obvious ;-)
Thanks,
Arend
