>The kernel policy is that any distro that isn't using a rolling release kernel ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		gruez 22 days ago \| parent \| context \| favorite \| on: Sandboxing Untrusted Python >The kernel policy is that any distro that isn't using a rolling release kernel is unpatched and vulnerable, so "reasonably up-to-date" is going to lean heavily on what you consider "reasonable". I would expect major distributions to have embargoed CVE access specifically to prevent this issue.

staticassertion 22 days ago [–]

Nope, that is not the case. For one thing, upstream doesn't issue CVEs and doesn't really care about CVEs or consider them valid. For another, they forbid or severely limit embargos.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact