From: Jiri Kosina <jikos@kernel.org>
To: Josh Poimboeuf <jpoimboe@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
corbet@lwn.net, workflows@vger.kernel.org,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
security@kernel.org, linux@leemhuis.info,
Kees Cook <keescook@chromium.org>,
Konstantin Ryabitsev <konstantin@linuxfoundation.org>,
Krzysztof Kozlowski <krzk@kernel.org>,
Lukas Bulwahn <lukas.bulwahn@gmail.com>,
Sasha Levin <sashal@kernel.org>, Lee Jones <lee@kernel.org>
Subject: Re: [PATCH v4] Documentation: Document the Linux Kernel CVE process
Date: Fri, 16 Feb 2024 21:27:48 +0100 (CET) [thread overview]
Message-ID: <nycvar.YFH.7.76.2402162108370.21798@cbobk.fhfr.pm> (raw)
In-Reply-To: <20240216192625.o3q6m7cjgkwyfe4y@treble>
On Fri, 16 Feb 2024, Josh Poimboeuf wrote:
> - Not users of -stable since they already know they need to be on the
> latest version.
>
> - Not distros or their users as it's just flooding them with low quality
> CVEs which have no analysis or scoring.
>
> And enterprise distros will never be able to rebase onto -stable,
> especially for older streams for which they have to be very selective,
> in order to avoid destabilizing them. As you say, "a bug is a bug".
Now that you have played the distro card (thanks!) here, let me just copy
my comment from LWN where someone suggested "well, it's easy, it's the job
of the [paid] distros to do the triage" ...
The problem is, that with this new system, paid distros are going to
suffer a big time (with no benefit to anybody at all). We'll have to put a
lot of productive and creative (upstream) work on hold in order to have
enough resources to sort out the havoc that LTS team is apparently going
to create by DoSing the world with a truckload of irrelevant CVEs.
--
Jiri Kosina
SUSE Labs
next prev parent reply other threads:[~2024-02-16 20:27 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-15 12:10 Greg Kroah-Hartman
2024-02-15 15:03 ` Jürgen Groß
2024-02-15 17:49 ` Greg Kroah-Hartman
2024-02-16 8:04 ` Jürgen Groß
2024-02-15 17:38 ` Jiri Kosina
2024-02-15 18:24 ` Greg Kroah-Hartman
2024-02-16 19:26 ` Josh Poimboeuf
2024-02-16 20:27 ` Jiri Kosina [this message]
2024-02-16 21:45 ` Theodore Ts'o
2024-02-16 21:51 ` Jiri Kosina
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=nycvar.YFH.7.76.2402162108370.21798@cbobk.fhfr.pm \
--to=jikos@kernel.org \
--cc=corbet@lwn.net \
--cc=gregkh@linuxfoundation.org \
--cc=jpoimboe@kernel.org \
--cc=keescook@chromium.org \
--cc=konstantin@linuxfoundation.org \
--cc=krzk@kernel.org \
--cc=lee@kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@leemhuis.info \
--cc=lukas.bulwahn@gmail.com \
--cc=sashal@kernel.org \
--cc=security@kernel.org \
--cc=workflows@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox