Date: Tue, 26 Sep 2017 09:32:14 +0200 From: Greg KH <greg@...ah.com> To: Agostino Sarubbo <ago@...too.org> Cc: oss-security@...ts.openwall.com, "Priedhorsky, Reid" <reidpr@...l.gov> Subject: Re: Linux kernel CVEs not mentioned on oss-security On Tue, Sep 26, 2017 at 09:08:20AM +0200, Agostino Sarubbo wrote: > This certainly does not answer to the original question, but upstream should > consider to do something like ffmpeg does here: > https://www.ffmpeg.org/security.html > > I guess this would be benefit for all. Define "all" :) Anyway, as many people know, there are various reasons why the kernel security team works the way it works, let's not debate that issue again please. But it turns out it's not all written down anywhere in one place, for people to easily understand, so I've started to do so. I'm giving a talk about this very topic tomorrow at a conference, and should be turning it into a document sometime in the near future that I will publish somewhere. thanks, greg k-h
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ