On Fri, Feb 19, 2021 at 06:09:16PM +0200, Mantas Mikulėnas wrote:
> On Fri, Feb 19, 2021 at 4:49 PM Lennart Poettering <lenn...@poettering.net>
> wrote:
>
> > On Fr, 19.02.21 09:28, Robert P. J. Day (rpj...@crashcourse.ca) wrote:
> >
> > > i guess i expected that the CVE identifier would be in the commit
> > > message. anyway, time to examine ...
> >
> > CVEs are assigned/published long after the commits to fix the issues
> > are made. We cannot retroactively change git commits, that's just not
> > how this works.
> >
>
> This *could* work with git notes, it seems --grep searches them as well.
Git notes do not work for anything but a local repo, sorry.
if people really care about CVEs, they know how to use them. But
really, they are mostly useless:
https://kernel-recipes.org/en/2019/talks/cves-are-dead-long-live-the-cve/
greg k-h
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
