> those are the people responsible for patching the kernel, which they did 30 days ago.

They patched 2 of 7 supported kernels.

Guess the other supported kernels aren't supported enough

I see, may the people who are responsible for the infrastructure you depend on be less concerned about shifting blame than you are.

imagine you use a dependency in your code. like left-pad. and some vulnerability is found in left-pad.

is the reporter of that vulnerability responsible for finding and submitting a vulnerability report to every single piece of software that uses left-pad? all ~millions of them?

or do they submit the report to left-pad, get them to fix it at the source, and trust that the people relying on left-pad will update their software like they should when they see a security-relevant update is available?
