On Fri, Jul 19, 2019 at 10:50:17AM +0200, Richard Brown wrote:
On Fri, 19 Jul 2019 at 10:43, Jiri Slaby <jslaby@suse.cz> wrote:
I usually don't mind (or care) as I personally use Kernel:stable anyway (*). But due to this, recently, the TCP SACK CVE fixes landed to Tumbleweed long after the EMBARGO was dropped and long after many other distributions already had a fixed kernel. Given users like you are complaining staging managers might consider a change :).
Yup, that seems suboptimal. I would imagine the staging managers had no idea there was anything special about this kernel submission.
Did anyone notify the staging managers regarding the CVE sensitivity of the submission?
I've found that a note in an SR, an email or a ping in IRC to any of the staging managers is universally met with my request being handled in the way I wish. I would be shocked if they couldn't have shoved the kernel in its own staging and got it through quickly.
I'm having to do that right now given I've got half a dozen submissions that absolutely need the opposite treatment - they need to be clumped together and care taken to ensure we only merge them as one unified blob :)
We occasionaly ping dimstar on critical security issues. AFAIR for SACK fixes these also had problems with overlayfs at the same time, where openqa used overlayfs incorrectly. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org