LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Stable kernel 2.6.32.8

Stable kernel 2.6.32.8

Posted Feb 19, 2010 8:53 UTC (Fri) by mjcox@redhat.com (subscriber, #31775)
In reply to: Stable kernel 2.6.32.8 by eteo
Parent article: Stable kernel 2.6.32.8

> Deliberate obfuscation of security-relevant changelogs
> is not the right thing to do.

At Red Hat, if we know something is a security issue in any package, and we fix it, we'll get a CVE for it (if it's missing one) and label it in our updates as well as mention it in public bugs/mailing lists etc.

If something we fix later turns out to have a security relevance we didn't know about at the time, we'll retrospectively add the CVE to the relevant errata.

We definitely encourage clear and complete upstream changelogs that highlight security relevant issues.

(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds