Commit ID / Git Kernel Hash as a security id

Posted Oct 5, 2019 7:25 UTC (Sat) by adamg (guest, #42260)
Parent article: What to do about CVE numbers

Here I wonder. We probably still want to track if security fixes are applied to stable kernels.
This will mean we will have multiple Commit IDs to a single security vulnerability.

Comparing this to CVE (which may contain links to multiple git hashes) I think the latter is better.

Perhaps it might be better to split from NVD and create LKNVD (Linux Kernel National Vulerability Database)?

Commit ID / Git Kernel Hash as a security id

Posted Oct 5, 2019 8:51 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link] (2 responses)

Maybe NKVD: National Kernel Vulnerability Database?

Commit ID / Git Kernel Hash as a security id

Posted Oct 5, 2019 9:21 UTC (Sat) by amacater (subscriber, #790) [Link] (1 responses)

That could go well with the Kernel Gross Bugcount - itself descended from the Obvious Greatest Problems (with) Unix

Commit ID / Git Kernel Hash as a security id

Posted Oct 5, 2019 9:51 UTC (Sat) by dottedmag (subscriber, #18590) [Link]

Maintained by Federated Security Brigade.