> Fixes for race conditions that lead to data corruption are often a much > more important reason to update systems than a fix for a security bug > that can only be exploited by local users. > Security bugfixes are important, but they are no more important than > many other kinds of bugfixes. Why would they deserve a special label? question: when a commit fixes a bug that can result in data corruption, does it say so or not? because if it does, then you've just answered the question above. and if it doesn't, then how do you expect distro and other people maintaining their own kernel trees to figure out whether to consider the commit for backport or not? remember, you're playing with fire here, if the people doing the backport miss just one such a commit (out of the many thousands that go into a release, no less), they'll put their users' data at risk.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds