If they know it is a security risk, they'll probably say so. The problem is that (as has been said many, many times) finding out if a particular glitch has any actual impact ("sure, this could lead to an integer overflow if <add longish list of conditions on variable values>, in which case maybe..."), let alone can be exploited as a security hole, is hard work and requires a mindset and training that not many kernel developers share. Any such assessment they do will miss an order of magnitude more exploitable flaws than the ones flagged, and flag many that are completely irrelevant. Pure noise, a complete waste of effort.
Copyright © 2018, Eklektix, Inc.