Received: by 2002:a05:7412:1e0b:b0:fc:a2b0:25d7 with SMTP id kr11csp1340341rdb; Fri, 16 Feb 2024 12:28:33 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCVV1/0H8zFD4AHL8YdaIlRieK0Lsnu/hdQ7nfXlRQwU9Nk/3U6IjuVMiN0YnZdiWmjENDjectsMnuHpjYNKoe3Ci/0nP0sj3T08vlHLJA== X-Google-Smtp-Source: AGHT+IGUPN1Cqq6BiUZYPcZlwdXw0cOah4CQGMjqMcr/3ViAm366WrYvFpGGm2HddNOvwO1iqbW0 X-Received: by 2002:a17:90a:f597:b0:299:2a8:55b0 with SMTP id ct23-20020a17090af59700b0029902a855b0mr6746193pjb.23.1708115313403; Fri, 16 Feb 2024 12:28:33 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708115313; cv=pass; d=google.com; s=arc-20160816; b=MLGxk0UujBeokacvwdPtZLIJcVnPQPRkNITrDORm+/n9MMPvD0t+Z1yi9OQYNroDGI xCMbne+WggB8PYzwgYG63wB18QDoshXhC3PKxkznPrGQBeHwGCsUeW00PTL471KM3wFH LA6sxjrAXmYt1JpH/h2LXZeee9B2cTZDOUW1EvtUvaskrjySRnDbYCKyhIIBVolqJx+w PJLbg14o4/dqD3Qs0+FHyH64mOHWZilKiTUtE0lZyOtr4FCDcO2TOba4MuB4PyYZyfOC IhO7EEdPo7fJdxybIDXKaQcb3nsA/pPKohsosDiEZ0ezVefT+YRdndgOYnm3ni2vSNUj wonA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:list-unsubscribe:list-subscribe:list-id:precedence :user-agent:references:message-id:in-reply-to:subject:cc:to:from :date:dkim-signature; bh=ba39RB2iPhUsMw538riRCfITBFJf0/Kf4yt07vpOFGE=; fh=+1RJtKcR1gnfzfhXgiJUVqjj6YSvkKf4qGNbGYaLteI=; b=vncyRKFj+vO8DvA2Tto8lM7njsGeTqwYDc1U0jjI5WC5cMjM0qbXrxPgt0Si0IIsXn L6KTCkrlpH/1o9/jvyhBQYR+xRLDZkNE3K+sXN3soamlrFQMPyDtyXaiZ19CKYRwbn6Q KDOkLeZbn8hmY4tpxXTRGcWxUHEViGrNVbZUjYpCffwEWmxreg/qpNocWpGA9gOw+D1y LE+8coOnvrkcv4ns8mqpD0bKLYL4F039vBZTm5EAZBjbR5J5AJsIl9cF0/x5+629GcYw JkIgkG8fhL6ui+2igFHJsesmtekc54Wn/8sxCjd66QQ/gPV/5G+Fj5jNB/k+tfHScEOO E4ng==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=C9s57z4z; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-69297-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-69297-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id lx18-20020a17090b4b1200b002991a57987bsi482390pjb.4.2024.02.16.12.28.32 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 16 Feb 2024 12:28:33 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-69297-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=C9s57z4z; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-69297-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-69297-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 5DBEEB214C7 for ; Fri, 16 Feb 2024 20:27:57 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 9879D13AA4D; Fri, 16 Feb 2024 20:27:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="C9s57z4z" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B687A139581; Fri, 16 Feb 2024 20:27:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708115268; cv=none; b=gc6lorh1pbjYMAGRvVCyNasDiPDMSOlRUY6VCSGfZBpTgw14VNVjl/tHzVfUDbb8iXiWLjL6VeZGCbQBpwAQmhvEp+sp+EhBQk8S3D4tG4sxWR7nsB/oaq1W3FcgV3FgjBcuoSrJxoKWXEfVcjkUlQFKcnb4zNx2iTkflDBUge0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708115268; c=relaxed/simple; bh=5eEyyHxk59pCQy01eZ3kO5VsW0KLoSkpdsO63ghICCI=; h=Date:From:To:cc:Subject:In-Reply-To:Message-ID:References: MIME-Version:Content-Type; b=T390rVYtQAA3egQVuY/vKiEKhPQrsA94z0arudBPiy7MuMq/bO1p/Ff2EZ16ouG57VZcJXLYaWmcYzwvZ5w4Mn5Z2Fp5SR36hUQcq2ogT6yLoHbcKzuigtnuwBKb06ZazmIzrV9200907fXRIDLAaEjSq6wkOrcROJigSaav/Do= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=C9s57z4z; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id C2851C433F1; Fri, 16 Feb 2024 20:27:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1708115268; bh=5eEyyHxk59pCQy01eZ3kO5VsW0KLoSkpdsO63ghICCI=; h=Date:From:To:cc:Subject:In-Reply-To:References:From; b=C9s57z4zJYL3RMdj308R+wIz3APNia/JGof6uISu1wROuMciZ7P8Vay9YbMooG65R J6lSDiXezleXAH8A6OCkWOL0ex4QNEebSeFeZKQe5hcX5D7qVYderfXMEgNh8RHbpz iDiU1GohfAtHLV3qM1XU8IxzZEg+xROk6l1175YK5++Nq4dKT4fXIaR8eRsyzz5TuL I3GkKwTW2a80A1gqhM3cJerdLKakhddVtcqPXi2ZkYmns/0N9t6KgB0NsMpX67r8Q8 8KVxW1btTlD6v1zkY/5aaJKWiCqHjltIVQkGNIV7m7xQpPGBRgpzMQwzyNqpUiB0v1 yal9i8V8MyLJQ== Date: Fri, 16 Feb 2024 21:27:48 +0100 (CET) From: Jiri Kosina To: Josh Poimboeuf cc: Greg Kroah-Hartman , corbet@lwn.net, workflows@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, security@kernel.org, linux@leemhuis.info, Kees Cook , Konstantin Ryabitsev , Krzysztof Kozlowski , Lukas Bulwahn , Sasha Levin , Lee Jones Subject: Re: [PATCH v4] Documentation: Document the Linux Kernel CVE process In-Reply-To: <20240216192625.o3q6m7cjgkwyfe4y@treble> Message-ID: References: <2024021500-laziness-grimace-ed80@gregkh> <20240216192625.o3q6m7cjgkwyfe4y@treble> User-Agent: Alpine 2.21 (LSU 202 2017-01-01) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII On Fri, 16 Feb 2024, Josh Poimboeuf wrote: > - Not users of -stable since they already know they need to be on the > latest version. > > - Not distros or their users as it's just flooding them with low quality > CVEs which have no analysis or scoring. > > And enterprise distros will never be able to rebase onto -stable, > especially for older streams for which they have to be very selective, > in order to avoid destabilizing them. As you say, "a bug is a bug". Now that you have played the distro card (thanks!) here, let me just copy my comment from LWN where someone suggested "well, it's easy, it's the job of the [paid] distros to do the triage" ... The problem is, that with this new system, paid distros are going to suffer a big time (with no benefit to anybody at all). We'll have to put a lot of productive and creative (upstream) work on hold in order to have enough resources to sort out the havoc that LTS team is apparently going to create by DoSing the world with a truckload of irrelevant CVEs. -- Jiri Kosina SUSE Labs