Of course it has. CVE identifiers have been misinterpreted/misused/misunderstood this way for years.
Jeremy Allison writes:
"The data shows that “frozen” vendor #Linux kernels, created by branching off a release point and then using a team of engineers to select specific patches to back-port to that branch, are buggier than the upstream “stable” Linux #kernel created by Greg Kroah-Hartman."
https://ciq.com/blog/why-a-frozen-linux-kernel-isnt-the-safest-choice-for-security/ #LinuxKernel
Get out of the way of your developers or lose them to someone who will.
— Adrian Cockcroft
I just got a few ideas for the next idiotic #opensource DMCA takedown notice I have to respond to...
"hi I am Greg, this is wrong, everything I say is public information and *not* under NDA" - @gregkh on stage of the #GoogleAndroidBootcamp
@Conan_Kudo @karolherbst the quip I usually drop on this:
upstream can remain stubborn for much longer than you can retain market share
it just takes decades, and to nvidia's credit they started to move before it got really costly for them. unlike pretty much everyone else
Saturday's stable kernel updates https://lwn.net/Articles/969732/ #LWN
Four stable kernel updates https://lwn.net/Articles/969352/ #LWN