Login

Recent searches

No recent searches

Search options

Only available when logged in.
treehouse.systems is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community of friends mostly surviving in the technology industry. If you sign up, please provide a Twitter, GitHub, or personal blog or website link for us to get to know you better.

Administered by:

Server stats:

526
active users

treehouse.systems: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.0-alpha.5+glitch.th

ilmari

@dysfun

They've decided the CVE system is a shitshow, have become their own CNA, and are trolling it by assigning a CVE to every bugfix:

Note, due to the layer at which the Linux kernel is in a system, almost any bug might be exploitable to compromise the security of the kernel, but the possibility of exploitation is often not evident when the bug is fixed. Because of this, the CVE assignment team is overly cautious and assign CVE numbers to any bugfix that they identify. This explains the seemingly large number of CVEs that are issued by the Linux kernel team.

lwn.net/Articles/961978/

lwn.netA turning point for CVE numbers [LWN.net]
May 07, 2024, 10:04 AM·Public·Web
3boosts·11favorites
Genders: ♾️, 🟪⬛🟩; Soni L.
Public

@ilmari @dysfun wait...

couldn't someone just... soft-fork the kernel and assign their own CVEs instead? a soft-fork is Technically a Different Project:tm:.

🤡

Explore
About