Re: [PATCH v2 2/3] Documentation: security-bugs: explain what is and is not a security bug

Next message: Uwe Kleine-K&#xF6;nig (The Capable Hub): "[PATCH] x86/platform/intel-mid: Use named initializer for pci_device_id array"
Previous message: Moshe Shemesh: "Re: [PATCH net-next V2 3/3] net/mlx5: Add VHCA_ID page management mode support"
In reply to: Peter Zijlstra: "Re: [PATCH v2 2/3] Documentation: security-bugs: explain what is and is not a security bug"
Next in thread: Willy Tarreau: "Re: [PATCH v2 2/3] Documentation: security-bugs: explain what is and is not a security bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Linus Torvalds

Date: Thu May 07 2026 - 11:40:29 EST

On Thu, 7 May 2026 at 00:07, Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
>
> Perhaps also note that including a reproducer for a crash in public is
> fine, including a full blown exploit is not.
>
> So perhaps that can serve as a guide

That would be a good rule, I think - and I like how it has the
advantage of being very explicit and black-and-white, rather than some
"I think my bug is so important that it should be sent to the speshul
super-sikret list".

Because we all think we are special. Our mothers told us so, and even
the AI bots are typically explicitly told to act as experts. So they
think they are special too.

Linus