My analysis of Linux kernel security flaws shows an average lifetime of 5 years still https://outflux.net/blog/archives/2016/10/18/security-bug-lifetime/ …
If distros do a security update, there's a CVE (lots assigned way after the fix). Maybe compare date of fix vs CVE date-of-issue.
Talking about all kinds of bug fixes that do have a security relevance if you look closely, but that aren't backported at all.
This is why I tell everyone to use an upstream -stable tree instead of cherry-picking CVE fixes.