Open kdave opened 3 years ago
Unless @dvyukov has that info, suggest we just close this issue.
Right, it's an internal link. Sorry. I've tried to find any similar public statements, but it's very hard to google for something like "subsystems don't mark patches for stable" b/c there are lots of LWN articles that mention all of these words...
I'm interested and curious if there's something to improve in the process, or if there's a subsystem not usually hit by security problems that should be more careful about that or what kind of issues/patches slip under the radar even if people care. There was not much to start with in the presentation IIRC, a link to discussion would be best of course, perhaps something for future security presentations.
Frankly I don't know the current status and if/how things have improved. Perhaps @gregkh and @sashalevin can share more on the current status of the stable process:
One problem that I think still exists is stable patches that don't automatically apply to older trees, such patches may be lost.
And invalid link on the above presentation, that's not nice to do drive-by github requests with no context about private presentations...
The presentation is in this git repository, https://github.com/ossf/wg-securing-critical-projects/blob/main/presentations/The_state_of_the_Linux_kernel_security.pdf
Hi,
in the presentation (./presentations/The_state_of_the_Linux_kernel_security.pdf) slide 25 there's a link to subsystems that refuse to tag for stable, leading to https://groups.google.com/a/google.com/g/kernel-dynamic-tools/c/SZnwXich2tM/m/gTkaJXxxAQAJ , but there's nothing on that page, nor kernel-dynamic-tools seems to exist on lore.k.org. The google group itself https://groups.google.com/a/google.com/g/kernel-dynamic-tools/ says it's inaccessible.
Can somebody please be more specific what subsystem is it and post a working link? Thanks.