by iTokio 44 days ago
The most interesting exchange, related to disclosure, is this one:

https://www.openwall.com/lists/oss-security/2026/05/01/3

> Nope, sorry, we are NOT allowed to notify anyone about anything "ahead of time" otherwise we will have to tell everyone about everything. That's the only policy by which all the legal/governmental agencies have agreed to allow us to operate in, so we are stuck with it.

greg k-h

As much as I like Linux, this is stupid.
Distributions using outdated (sorry “stable”) kernels are stupid.

We are not 20 years ago; the world in which it made sense doesn’t exist anymore, but the industry is slow to move on. Just pick a long-term release and update it regularly.

Yes.

Distros (point release distros) should use LTS kernels and keep up to date with them. Their "we'll maintain our own kernel branches" model either leads to many missed bugfixes, or duplicates Greg K-H's workload internally, for no practical benefit.

If a distro is suspicious of particular patches in the -stable tree, they could maintain a blacklist of them. However, instead of doing that and accruing overhead of possible future merge conflicts, they should hash out their concerns on the -stable mailing list.

Unfortunately not all of the LTS kernels were updated with this patch before the public disclosure.
Fair enough.