> The vulnerability would be buried. Greg is extremely, consistently reluctant t... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

scottlamb on July 15, 2021 | parent | context | favorite | on: CVE-2021-22555: Turning \x00\x00 into 10000$

> The vulnerability would be buried. Greg is extremely, consistently reluctant to issue CVEs without security engineers bending over backwards.

From https://kernel-recipes.org/en/2019/talks/cves-are-dead-long-... I'd paraphrase his philosophy as kernel developers should fix bugs (without requiring they be security-related or worrying about CVE assignment), users should run a recent stable/long-term kernel.

staticassertion on July 15, 2021 [–]

LTS is a noble effort but leaves quite a lot to be desired, and doesn't really change the fact that Greg (and others) have multiple decades of history hiding vulns and pushing back on CVEs.

gnubison on July 19, 2021 | [–]

Have you watched the talk? Greg talks a lot about the flaws with CVEs.

staticassertion on July 19, 2021 | | [–]

Yes, I have.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact