From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 444841097E for ; Tue, 15 Aug 2023 15:04:22 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 21186C433C7; Tue, 15 Aug 2023 15:04:22 +0000 (UTC) Date: Tue, 15 Aug 2023 11:04:22 -0400 From: Steven Rostedt To: Greg KH Cc: Catalin Marinas , Vegard Nossum , Jiri Kosina , ksummit@lists.linux.dev Subject: Re: [MAINTAINERS SUMMIT] Handling of embargoed security issues -- security@korg vs. linux-distros@ Message-ID: <20230815110422.2366cc0b@gandalf.local.home> In-Reply-To: <2023081553-deodorize-crumpet-ee9a@gregkh> References: <658e739b-c164-c360-d6a3-eb4fb15ae02e@oracle.com> <2023081515-lake-spotty-6a3a@gregkh> <20230815084253.7091083e@gandalf.local.home> <2023081553-deodorize-crumpet-ee9a@gregkh> X-Mailer: Claws Mail 3.19.1 (GTK+ 2.24.33; x86_64-pc-linux-gnu) Precedence: bulk X-Mailing-List: ksummit@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Tue, 15 Aug 2023 16:41:37 +0200 Greg KH wrote: > Loads of companies/governments have been pestering us for access to > security@k.o for decades now, this isn't going to change for the obvious > reason that having such groups on the list is not going to help us fix > any problem, but instead, just give everyone early access to known > security problems. > > Same thing would happen for any potential distro@k.o list, remember who > some of the largest users of Linux is (i.e. governments) and many of > them have their own custom "distros" for their systems for valid > reasons. > > So no, we can't do that if you care about security overall, this would > make things insecure. Even if the only thing that is shown is a commit sha that should be taken? -- Steve