Re: linux-distros list policy and Linux kernel, again

[Demi Marie Obenour <demi () invisiblethingslab com>]

On Sat, Aug 26, 2023 at 02:31:29AM +0000, Seth Arnold wrote:
> On Sat, Aug 26, 2023 at 12:23:59AM +0200, Solar Designer wrote:
> > I'd appreciate any well-reasoned votes and constructive suggestions.
> > Maybe there are good ideas that didn't cross my mind yet.

(snip)

> - Ask Red Hat's CNA to consider setting up an automatic CVE assignment
>   process for syzkaller issues. (Red Hat's CNA is now serving as a Root
>   CNA for FOSS issues in general, so it feels like a plausible place to
>   put this process. Google runs syzkaller and has four CNAs, perhaps
>   one of them would be a better fit. Maybe the Linux Foundation could
>   run a CNA for this purpose. I'm not picky.)
>
>   We shouldn't indulge the very-low-effort-researchers who aren't putting
>   in much effort but trying to get CVEs.

That would be an awesome idea.  Hopefully "latest kernel has X unfixed
CVEs" puts pressure on Red Hat, Oracle, SUSE, and other vendors to hire
more people to fix the problem.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab

Attachment: signature.asc
Description: