syzkaller "Reporting Linux kernel bugs" out of date

[Solar Designer <solar () openwall com>]

Hi,

It came up in a discussion(*) on linux-distros that these guidelines:

https://github.com/google/syzkaller/blob/master/docs/linux/reporting_kernel_bugs.md

are years out of date.  They assume the good times when the Linux
kernel security team and linux-distros cooperated, and when MITRE and
distros could assign CVEs to kernel issues (so before Linux CNA).

I see this file isn't unmaintained - there are not-too-old commits
updating other parts of it - so maybe the maintainers simply didn't
realize this part became outdated so badly.

I guess I could volunteer to fix this via a pull request, but as I
didn't get around to even trying for a while now, I am at least bringing
this up in here.

One possible fix would be to rewrite parts to reflect the current
reality - and then maintain that.  Another would be to drop the
specifics and just refer to the kernel "Security bugs" page (there's
already a link to it, but it's also outdated/broken) and the distros
and oss-security wiki pages (these links exist and work).

In either case, I think it's inappropriate to give the linux-distros
posting address directly because instructions specific to that list are
a must read before sending anything to there, for both technical and
policy reasons.

(*) Of course, the mentioned "discussion" is of a certain issue being
currently mishandled in part as a result of these old instructions.

Alexander