El 15/05/26 a las 11:27, Greg KH escribió: > On Fri, May 15, 2026 at 10:49:34AM +0200, Yves-Alexis Perez wrote: > > On Wed, 2026-04-29 at 19:22 +0200, Willy Tarreau wrote: > > > I'm increasingly doing that myself already, and predicted the death of > > > embargoes a serveral months ago. Now I just remove unneeded details from > > > commit messages, merging and issue releases to keep users protected. > > > > Hey Willy, > > > > Unfortunately that also has the side effects to hide security-relevant > > commits > > from downstream integrators and users. Not that we really have the time to > > dig > > each and every commit of each and every project (especially fast moving > > ones) > > but we definitely miss things here and there without a heads up. > > With the advent of the reporting requirements of the EU CRA law, as of > the end of next year, all projects will have to be reporting their > "security bugfixes" to the EU, so you will be able to go off of that > feed. > > Although that is a 18 months away, but something to look forward to :)
While the full regulation will apply from December 2027, the Reporting obligations of manufacturers (art14), "shall apply from 11 September 2026", according to Article 71 (art71). [art14] https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:L_202402847#art_14 [art71] https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:L_202402847#art_71 Cheers, -- S
signature.asc
Description: PGP signature
