undefined | Better HN

0 pointsscottlamb4y ago0 comments

> The vulnerability would be buried. Greg is extremely, consistently reluctant to issue CVEs without security engineers bending over backwards.

From https://kernel-recipes.org/en/2019/talks/cves-are-dead-long-... I'd paraphrase his philosophy as kernel developers should fix bugs (without requiring they be security-related or worrying about CVE assignment), users should run a recent stable/long-term kernel.

0 comments

3 comments · 1 top-level

staticassertion4y ago· 2 in thread

LTS is a noble effort but leaves quite a lot to be desired, and doesn't really change the fact that Greg (and others) have multiple decades of history hiding vulns and pushing back on CVEs.

gnubison4y ago

Have you watched the talk? Greg talks a lot about the flaws with CVEs.

staticassertion4y ago

Yes, I have.

j / k navigate · click thread line to collapse