On Tue, Feb 26, 2013 at 11:41:53PM -0500, Michael Gilbert wrote:
> Anyway, on a more serious note, at some point, acceptance will look
> something like a real kernel-sec team that does essentially what you
> just did, but on a continual basis: reviewing most/all commits for
> potential security concerns and forwarding them to oss-sec to increase
> identification and awareness to be applied downstream.

I will say flat out that this is an impossible task to accomplish.
As proof of that, I suggest you do this for just one major kernel
release cycle (2-3 months long).
You do know the number of patches applied to the Linux kernel every
Would you have caught the patch that started this thread? I sure
didn't, and I was the one who originally applied it to the kernel tree
in the first place. Doing "root-cause" research for every patch is
non-trivial, as I know you realize.