mort

(replying to Morten Linderud)

tbodt

(replying to mort)

@mort @Foxboron i scrolled briefly through the list of cves assigned last friday and it looks like the largest chunk are memory safety issues. maybe you should update your kernel... though most of them are in optional components. maybe it would be useful to include metadata on the cve describing what kconfig you need for the affected code to be compiled in


Saagar Jha

(replying to mort)
@mort @Foxboron You can keep saying no all you want; it doesn’t make it any more true. CVEs have basically never been an accurate representation of changes that have security impact. Actually trying to do this remains an open problem that requires significant resources.

Saagar Jha

(replying to Saagar Jha)
@mort @Foxboron You’re upset that the situation went from “these are 10% of the security bugs and each one is definitely bad” to “this is 100% of the security bugs and maybe 10% of them are definitely bad”. Neither helps you solve the problem you have of “should I update”.