On Fri, 16 Feb 2024, Theodore Ts'o wrote:
> My observation is that the old system has had pretty low-quality
> CVE's, and worse, overly inflated CVE Severity Scores, which has
> forced all people who are supporting distro and cloud serves which
> sell into the US Government market to have to do ve
On Fri, Feb 16, 2024 at 09:27:48PM +0100, Jiri Kosina wrote:
>
> Now that you have played the distro card (thanks!) here, let me just copy
> my comment from LWN where someone suggested "well, it's easy, it's the job
> of the [paid] distros to do the triage" ...
>
> The problem is, that with thi
On Fri, 16 Feb 2024, Josh Poimboeuf wrote:
> - Not users of -stable since they already know they need to be on the
> latest version.
>
> - Not distros or their users as it's just flooding them with low quality
> CVEs which have no analysis or scoring.
>
> And enterprise distros will never be
On Thu, Feb 15, 2024 at 01:10:55PM +0100, Greg Kroah-Hartman wrote:
> +Note, due to the layer at which the Linux kernel is in a system, almost
> +any bug might be exploitable to compromise the security of the kernel,
> +but the possibility of exploitation is often not evident when the bug is
> +fix
On Fri 16-02-24 16:34:57, Greg KH wrote:
> On Fri, Feb 16, 2024 at 02:20:04PM +0100, Michal Hocko wrote:
> > > Right now
> > > we are fixing lots and lots of things and no one notices as their
> > > "traditional" path of only looking at CVEs for the kernel is totally
> > > incorrect.
> >
> > Right
On Fri, Feb 16, 2024 at 02:20:04PM +0100, Michal Hocko wrote:
> > Right now
> > we are fixing lots and lots of things and no one notices as their
> > "traditional" path of only looking at CVEs for the kernel is totally
> > incorrect.
>
> Right, there are quite a lot of people who consider CVE fixe
Greg Kroah-Hartman writes:
> On Fri, Feb 16, 2024 at 10:28:39AM +0200, Jani Nikula wrote:
>> rst basically allows any order of the heading underlines, and their
>> relative hierarchy is determined by how they show up in each document,
>> it's not specified by rst. However, it would be much easier
On Fri 16-02-24 12:25:46, Greg KH wrote:
> On Thu, Feb 15, 2024 at 07:36:20PM +0100, Michal Hocko wrote:
> > On Thu 15-02-24 19:20:09, Greg KH wrote:
> > > On Thu, Feb 15, 2024 at 06:54:17PM +0100, Michal Hocko wrote:
> > > > On Wed 14-02-24 09:00:30, Greg KH wrote:
> > > > [...]
> > > > > +Process
On Thu, Feb 15, 2024 at 07:36:20PM +0100, Michal Hocko wrote:
> On Thu 15-02-24 19:20:09, Greg KH wrote:
> > On Thu, Feb 15, 2024 at 06:54:17PM +0100, Michal Hocko wrote:
> > > On Wed 14-02-24 09:00:30, Greg KH wrote:
> > > [...]
> > > > +Process
> > > > +---
> > > > +
> > > > +As part of the n
On Fri, Feb 16, 2024 at 10:28:39AM +0200, Jani Nikula wrote:
> On Thu, 15 Feb 2024, Vegard Nossum wrote:
> > On 15/02/2024 12:50, Greg Kroah-Hartman wrote:
> >> On Wed, Feb 14, 2024 at 09:37:31AM +0100, Vegard Nossum wrote:
> >>> Document titles should have above them as well, and then you wo
On Thu, 15 Feb 2024, Vegard Nossum wrote:
> On 15/02/2024 12:50, Greg Kroah-Hartman wrote:
>> On Wed, Feb 14, 2024 at 09:37:31AM +0100, Vegard Nossum wrote:
>>> Document titles should have above them as well, and then you would
>>> need to shift all the other headings in this document (i.e. a
On 15.02.24 18:49, Greg Kroah-Hartman wrote:
On Thu, Feb 15, 2024 at 04:03:02PM +0100, Jürgen Groß wrote:
On 15.02.24 13:10, Greg Kroah-Hartman wrote:
The Linux kernel project now has the ability to assign CVEs to fixed
issues, so document the process and how individual developers can get a
CVE
12 matches
Mail list logo
