Date: Tue, 24 May 2022 18:25:50 +0200 From: Mickaël Salaün <mic@...ikod.net> To: oss-security@...ts.openwall.com, Greg KH <greg@...ah.com>, Sam James <sam@...too.org> Cc: seth.arnold@...onical.com Subject: Re: linux-distros list policy and Linux kernel On 23/05/2022 08:34, Greg KH wrote: > On Sun, May 22, 2022 at 08:55:50PM +0100, Sam James wrote: >> I'd also like to ask that the final commit messages please reference any >> relevant CVEs or at least the security impact. There've been a fair number >> of incidents where such information is stripped and it makes tracking >> issues *really* hard. > > That is pretty much impossible and goes against the whole goal of "get > this fixed and in a public tree and only tell the world that it was an > issue after-the-fact" way that the kernel team works. If we put all of > that in the commit to start with, the whole world knows this info. We > can't go back in time and change git commits for obvious reasons. It would work well if (as asked Vegard) sources/patches and binaries were released simultaneously by both upstream and distributions. Regards, Mickaël
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.