Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/cks/statuses/112436837742579941">Chris Siebenmann (cks@mastodon.social)'s status on Friday, 17-May-2024 01:14:52 JST</a><a href="https://mastodon.social/@cks" title="cks@mastodon.social"><img src="https://gnusocial.jp/avatar/97051-48-20230210172853.webp" width="48" height="48" alt="Chris Siebenmann" style="position: absolute; left: 0; top: 0;">Chris Siebenmann</a><div><a href="https://mastodon.social/@cks/112418602251245978" rel="in-reply-to">in reply to</a></div></section><article><p>A realization: One way to describe the Linux kernel CVE situation is that the Linux kernel developers aren't going to be providing security analysis of bugfixes (or kernel changes in general) any more, especially for unsupported kernel versions. This is not quite accurate; some fixes will certainly come with a security analysis (eg, ones reported to the kernel as unfixed security issues). But fewer will than before.</p><p>Is this bad? Well, the analysis before was not infrequently wrong, so.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3099782#notice-6142089">In conversation</a><time datetime="2024-05-17T01:14:52+09:00" title="Friday, 17-May-2024 01:14:52 JST">about 6 months ago</time> <span>from <span><a href="https://mastodon.social/@cks/112436837742579941" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@cks/112436837742579941">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/2183809">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Chris Siebenmann (cks@mastodon.social)'s status on Friday, 17-May-2024 01:14:52 JST Chris Siebenmann
in reply to
A realization: One way to describe the Linux kernel CVE situation is that the Linux kernel developers aren't going to be providing security analysis of bugfixes (or kernel changes in general) any more, especially for unsupported kernel versions. This is not quite accurate; some fixes will certainly come with a security analysis (eg, ones reported to the kernel as unfixed security issues). But fewer will than before.
Is this bad? Well, the analysis before was not infrequently wrong, so.
In conversationabout 6 months ago from mastodon.socialpermalink
Attachments
1. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice