oss-sec mailing list archives
Re: linux-distros list policy and Linux kernel
From: Mickaël Salaün <mic () digikod net>
Date: Tue, 24 May 2022 18:25:50 +0200
On 23/05/2022 08:34, Greg KH wrote:
On Sun, May 22, 2022 at 08:55:50PM +0100, Sam James wrote:I'd also like to ask that the final commit messages please reference any relevant CVEs or at least the security impact. There've been a fair number of incidents where such information is stripped and it makes tracking issues *really* hard.That is pretty much impossible and goes against the whole goal of "get this fixed and in a public tree and only tell the world that it was an issue after-the-fact" way that the kernel team works. If we put all of that in the commit to start with, the whole world knows this info. We can't go back in time and change git commits for obvious reasons.
It would work well if (as asked Vegard) sources/patches and binaries were released simultaneously by both upstream and distributions.
Regards, Mickaël
Current thread:
- Re: linux-distros list policy and Linux kernel, (continued)
- Re: linux-distros list policy and Linux kernel Jason A. Donenfeld (May 17)
- Re: linux-distros list policy and Linux kernel Greg KH (May 17)
- Re: linux-distros list policy and Linux kernel Jeremy Stanley (May 17)
- Re: linux-distros list policy and Linux kernel Thadeu Lima de Souza Cascardo (May 17)
- Re: linux-distros list policy and Linux kernel Vegard Nossum (May 20)
- Re: linux-distros list policy and Linux kernel Solar Designer (May 22)
- Re: linux-distros list policy and Linux kernel Sam James (May 22)
- Re: linux-distros list policy and Linux kernel Greg KH (May 22)
- Re: linux-distros list policy and Linux kernel eduardo vela (May 23)
- Re: linux-distros list policy and Linux kernel Mickaël Salaün (May 24)
- Re: linux-distros list policy and Linux kernel Greg KH (May 24)
- Re: linux-distros list policy and Linux kernel Sam James (May 22)
- Re: linux-distros list policy and Linux kernel Alan Coopersmith (May 19)