by worthless-trash 44 days ago
I used to work in a group that 'managed' this information a while back. I used to work in Red Hat product security dealing with embargoed flaws and disclosure dates; it was non-trivial to get this process managed.

I do think that it's the right thing to do, if the reporter is willing to come to the party, but I also understand why if they don't want to.

> Part of the solution is each distro needs a process for pushing critical updates (module blacklists, ebpf patches) to address things like this without forcing all distro users to reboot, which many won't do promptly anyway.

Almost like a 'mitigation tool' that doesn't require expertise on the user's end, but on the provider's end.