From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4B2D01988D for ; Tue, 15 Aug 2023 22:31:20 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 22AB1C433C7; Tue, 15 Aug 2023 22:31:20 +0000 (UTC) Date: Tue, 15 Aug 2023 18:31:20 -0400 From: Steven Rostedt To: Jiri Kosina Cc: Greg KH , Vegard Nossum , ksummit@lists.linux.dev Subject: Re: [MAINTAINERS SUMMIT] Handling of embargoed security issues -- security@korg vs. linux-distros@ Message-ID: <20230815183120.0c92a759@gandalf.local.home> In-Reply-To: References: <658e739b-c164-c360-d6a3-eb4fb15ae02e@oracle.com> <2023081515-lake-spotty-6a3a@gregkh> <20230815084253.7091083e@gandalf.local.home> <2023081540-vindicate-caterer-33c6@gregkh> X-Mailer: Claws Mail 3.19.1 (GTK+ 2.24.33; x86_64-pc-linux-gnu) Precedence: bulk X-Mailing-List: ksummit@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Wed, 16 Aug 2023 00:13:56 +0200 (CEST) Jiri Kosina wrote: > > The huge majority of Linux use in the world is Android, everything else > > is a rounding error. > > Sorry, but in my view this is a slight oversimplification. I agree. And that's just taking in "numbers". What about impact. If there's a security flaw in an android phone, it opens up each individual for an attack, but it usually requires an attacker to hit them individually. But if an enterprise is hit. All it takes is to go after one server, and you have access to thousands of users and their private data. It's not just the number of installations that count. -- Steve