As part of my work for the Civil Infrastructure Platform, I've been tracking security issues in the kernel and trying to ensure that the fixes are applied to stable branches as necessary. The "kernel-sec" repository at <https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec> contains information about known issues and scripts to aid in maintaining and viewing that information. Issues are identified by CVE ID and their status is recorded for mainline and all live stable branches. I import most of the information from distribution security trackers, and from upstream commit references in stable branch commit messages. Manual editing is needed mostly to correct errors in these sources, or where the commits fixing an issue in a stable branch don't correspond exactly to the commits fixing it in mainline. I recently added a local web application that allows browsing the status of all branches and issues, complete with links to references and related commits. There is also a simple reporting script that lists open issues for each branch. If you're interested in security support for stable branches, please take a look at this. I would welcome merge requests to add to the issue data or to improve the scripts. Ben. -- Ben Hutchings, Software Developer Codethink Ltd https://www.codethink.co.uk/ Dale House, 35 Dale Street Manchester, M1 2HF, United Kingdom
