Vulmon
On Tue, Oct 26, 2021 at 02:30:18PM +0200, Solar Designer wrote:
Krzysztof Kozlowski is the current NFC maintainer, so I asked him, and he
confirmed that he was on Cc when/after this was reported to
security () kernel org. So, this was independent from the reports that were
gone through linux-distros.
He was not aware that this was brought to linux-distros and I am not sure
he is familiar with its policy as he is not a member.
I don't think we should expect an upstream maintainer to notify
oss-security and need to rely on the other methods you already mentioned to
make sure we notice when things have gone public.
Cascardo.