> *not* to engage in analyses of those changes
FYI, Documentation/stable_kernel_rules.txt says among others:
 - Security patches will be accepted into the -stable tree directly from the
   security kernel team, and not go through the normal review cycle.
   Contact the kernel security team for more details on this procedure.
i.e., the stable guys don't need to "engage in analyses".
> If the original committer doesn't say that something has security
> impact, there's no guarantee that anything will in the stable tree
and what if he says so? did you even bother reading the commit i pointed out? it has the
following trigger words (that's already a surprise considering how they're suppressed
normally, just look at this .25.11 stable release commit itself): 'oops', 'integer
wraparound', 'when you don't have permissions'. the question you should be asking is why this
commit wasn't forwarded to the stable people for inclusion.
> It's not as if they're getting paid for doing this
they are. every one of them is employed by Novell/Red Hat/etc and gets paid to do Linux work,
including stable work. the hobby (free time) linux hacker myth has been dead for over a
> and I'd appreciate it if you didn't annoy them so much that they stopped
> doing it:
that's not how things work in real life.
> having no stable tree at all would be much worse than having one without
> CVE info
and what about having a stable tree without, err, actual stable fixes? you know, like the one
i pointed out.