What to do about CVE numbers
What to do about CVE numbers
Posted Oct 7, 2019 10:54 UTC (Mon) by IanKelling (subscriber, #89418)In reply to: What to do about CVE numbers by khim
Parent article: What to do about CVE numbers
Posted Oct 7, 2019 13:55 UTC (Mon)
by corbet (editor, #1)
[Link] (1 responses)
Posted Oct 8, 2019 12:04 UTC (Tue)
by IanKelling (subscriber, #89418)
[Link]
Corbet, good to know that wasn't intended, but it's clearly there. You wrote:
> The final question was about users who are stuck with vendor kernels that will not be upgraded; what are they to do? Kroah-Hartman responded that this is a real problem. Those vendors typically add about three-million lines of code to their kernels, so they are shipping a "Linux-like system". The answer is to force vendors to get their code upstream; to do that, customers have to push back.
So, "the answer" is very clearly a reference to "users who are stuck", present tense stuck, but your saying, of course thats not what you really meant, only preventing it for future users, but you need to sayyy that if its what you mean. Its like saying "What about the problem that there are a million or so species that will go extinct due to current carbon levels. The answer is to decrease our carbon emissions." But of course, that is not an answer to the stated problem since it won't change existing carbon levels or their effects. It's an answer to prevent the next million, but you have to say that, or else people will read what you wrote literally.
I think you've read something into the article that wasn't there. Nobody thinks that upstreaming is going to rescue all of the unsupported devices out there. Nothing is going to fix those. The objective is to stop creating such devices in the future.
Getting code upstream
Getting code upstream