Re: CVE abstraction choices and the Linux kernel

[Michael Gilbert <mgilbert () debian org>]

On Fri, Mar 8, 2013 at 9:57 AM, Steven M. Christey wrote:
> Considering the Krause kernel info-leaks as an example, this might
> suggest about 11 CVEs for crypto, xfrm_user, net (including net/tun),
> ipvs, dccp, llc, l2tp, Bluetooth, atm, udf, and isofs.  There might
> be additional SPLITs based on bug type.
>
> What do people think?  To the distro maintainers: given that CVE
> cannot support per-bug IDs for the reasons I've already described,
> are per-subsystem SPLITs workable?

Speaking only for myself, I think this is a quite reasonable way to draw a line.

Best wishes,
Mike