@vegard @kernellogger @larsmb @gregkh @pavel yes, I've generally not commented on this as a. I'm not involved with an enterprise kernel at this point and b. the complexities of the issue, but from my perspective it's the lack of acking how the _reality_ of how kernels are used by the companies which fund a huge amount of core dev.

I mean even if you think the way it's done is awful there should be some acknowledgement of that fact, especially when people are explicitly saying 'dude we are in a position where we _have_ to filter through this stuff'.

And I think the whole 'well there's a ton of bugs who knows which could be a security flaw' is dubious at best.

Some bugs are very clearly more problematic or have more clearly been shown to be security flaws than others.

Of course all this speaks to how incredibly crap the whole CVE system is as a whole, but I'm just not sure going nuclear is the way forward.

I think the kernel taking control of the CNA side is _good_, the spamming aspect, seems not so good.