ksummit.lists.linux.dev archive mirror
From: Greg KH <gregkh@linuxfoundation.org>
To: Vegard Nossum <vegard.nossum@oracle.com>
Cc: Jiri Kosina <jkosina@suse.cz>, ksummit@lists.linux.dev
Subject: Re: [MAINTAINERS SUMMIT] Handling of embargoed security issues -- security@korg vs. linux-distros@
Date: Tue, 15 Aug 2023 13:23:36 +0200
Message-ID: <2023081515-lake-spotty-6a3a@gregkh>
In-Reply-To: <658e739b-c164-c360-d6a3-eb4fb15ae02e@oracle.com>

On Tue, Aug 15, 2023 at 12:17:03PM +0200, Vegard Nossum wrote:
> I'll throw in another idea: distros@kernel.org.
> 
> A closed list which will be notified by security@kernel.org once they
> feel patches for a particular issue are ready for testing/consumption by
> distros (and hopefully before the issue is disclosed publicly, if the
> reporter still wishes to do that).
> 
> The members and list rules would be totally up to the security team to
> decide.

As per the lawyers, and government officials we have worked with in the
past, having a closed list for preannouncements like this will be
either:

  - deemed illegal in some countries
  - made to have all "major"[1] Linux users on it.

Neither of which actually will work out at all, the whole
"preannouncement" stuff just is not possible, sorry.  I'm amazed that
other projects have been able to "get away with it" for as long as they
have without either being infiltrated by "the powers that be" or
shut down yet.

Politics is a rough game, the only way to survive is to not play it for
stuff like this.

So no, "distros@k.o" isn't going to be possible for the LF to host, and
any other group that wants to run such a thing will quickly have these
issues as well, it's amazing that linux-distros has been able to survive
for as long as it has.

greg k-h

[1] "Major" includes most government agencies in most countries.
