Greg K-H

Is @gregkh saying #linux kernel is at the point where testing it and reporting more security bugs does not have any value anymore? I am concerned. "We are drowning in syzkaller reports and just throwing them at us doesn't really help anyone here anymore" https://lore.kernel.org/dri-devel/20200710103910.GD1203263@kroah.com/ …

It’s a matter of degree. While every crash from user space is an issue that should be fixed, it’s worth asking who is benefiting by calling it a security issue. It’s much more beneficial to everyone if a report gives a fix which was the real point.

Maybe useful to know 'this interface (USB, netlink, io_uring...) is full of holes maybe correct those before opening seven hundred more? I mean those big reports come with a reproducer. It's not like static analysis where there's false positives. It crashes and here's why.