A turning point for CVE numbers

Posted Feb 16, 2024 3:34 UTC (Fri) by dgc (subscriber, #6611)
In reply to: A turning point for CVE numbers by sashal
Parent article: A turning point for CVE numbers

> I'm more than happy to personally check the CVEs assigned by kernel.org
> against RH's kernel trees, and request CVEs for issues that may affect RH's
> trees explicitly from the RH CNAs.

That escalated quickly, didn't it?

We've gone from LTS maintainers defending kernel developers against bad CVEs straight to LTS maintainers using their new authority to make extortion threats towards independent downstream CNAs in the space of a few discussion points.

It's no wonder there's a significant amount of distrust of this new power grab by the LTS maintainers. It will do nothing to lighten the CVE-related workload of downstream distros, and they seem to think nothing of using their authority as a weapon against independent, competing stable kernel products.


A turning point for CVE numbers

Posted Feb 19, 2024 13:53 UTC (Mon) by sashal (✭ supporter ✭, #81842)

What authority? Anyone can request a CVE against a CNA.

