oss-sec mailing list archives

Re: Coordinated Disclosure in the LLM Age


From: Greg KH <greg () kroah com>
Date: Fri, 15 May 2026 11:27:00 +0200

On Fri, May 15, 2026 at 10:49:34AM +0200, Yves-Alexis Perez wrote:
> On Wed, 2026-04-29 at 19:22 +0200, Willy Tarreau wrote:
> > I'm increasingly doing that myself already, and predicted the death of
> > embargoes several months ago. Now I just remove unneeded details from
> > commit messages, merging and issue releases to keep users protected.
>
> Hey Willy,
>
> Unfortunately that also has the side effect of hiding security-relevant commits
> from downstream integrators and users. Not that we really have the time to dig
> into each and every commit of each and every project (especially fast moving ones)
> but we definitely miss things here and there without a heads up.

With the advent of the reporting requirements of the EU CRA law, as of
the end of next year, all projects will have to be reporting their
"security bugfixes" to the EU, so you will be able to go off of that
feed.

Although that is 18 months away, it is something to look forward to :)

thanks,

greg k-h
