Re: [PATCH] Documentation: Document the Linux Kernel CVE process

On Tue, Feb 13, 2024 at 07:48:12PM +0100, Greg Kroah-Hartman wrote:
> +No CVEs will be assigned for unfixed security issues in the Linux
> +kernel, assignment will only happen after a fix is available as it can
> +be properly tracked that way by the git commit id of the original fix.
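
Review bot: the added sentence joins two independent clauses with a comma ("...in the Linux kernel, assignment will only happen after a fix is available..."), so split it into two sentences or use a semicolon. The paragraph also states only when assignment happens and leaves open how an issue is identified before its fix commit exists; a sentence covering that period would make the rule easier to apply.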

This seems at odds with the literal definition of what CVEs are:
_vulnerability_ enumeration. This is used especially during the
coordination of fixes; how is this meant to interact with embargoed
vulnerability fixing?

Outside of that, I welcome the fire-hose of coming identifiers! I think
this will more accurately represent the number of fixes landing in
stable trees and how important it is for end users to stay current on
a stable kernel.

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

-- 
Kees Cook



