> Once again, if you have any comments, questions, or concerns about how I
> and the other kernel developers are handling the -stable updates and
> notifications, please do so on the linux-kernel mailing list and I will
> be very glad to discuss them there, in public.
so, i did just that yesterday. note that you might want to fix your spam filters because i
didn't see my mail show up in the archives nor did i get a bounce. but at least the
individuals on CC (yourself included) should have got it. for reference for others in case it
doesn't make it into the archives:
On 3 Jul 2008 at 11:57, Greg KH wrote:
> On Thu, Jul 03, 2008 at 10:29:14AM -0700, Greg KH wrote:
> Adding 2 more addresses to this thread, as they were said to have
> questions about this kernel release.
not only this one, but every commit for the past few years that fixed
bugs with security impact. for reference:
> Again, if the above information is somehow insufficient as to what
> exactly is fixed in the -stable releases, and anyone has questions about
> how these release announcements are created, please let me know.
what is the disclosure policy used for commits fixing bugs with security
impact (both vanilla and -stable, especially if there's a difference)?
what do you include/omit?
how does it relate to what is declared in Documentation/SecurityBugs?