Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170926073214.GA8108@kroah.com>
Date: Tue, 26 Sep 2017 09:32:14 +0200
From: Greg KH <greg@...ah.com>
To: Agostino Sarubbo <ago@...too.org>
Cc: oss-security@...ts.openwall.com, "Priedhorsky, Reid" <reidpr@...l.gov>
Subject: Re: Linux kernel CVEs not mentioned on oss-security

On Tue, Sep 26, 2017 at 09:08:20AM +0200, Agostino Sarubbo wrote:
> This certainly does not answer to the original question, but upstream should 
> consider to do something like ffmpeg does here:
> https://www.ffmpeg.org/security.html
> 
> I guess this would be benefit for all.

Define "all" :)

Anyway, as many people know, there are various reasons why the kernel
security team works the way it works, let's not debate that issue again
please.

But it turns out it's not all written down anywhere in one place, for
people to easily understand, so I've started to do so.  I'm giving a
talk about this very topic tomorrow at a conference, and should be
turning it into a document sometime in the near future that I will
publish somewhere.

thanks,

greg k-h

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.