>distributions could have done _something_ to protect their users prior to publication date.
yeah, distributions could be following the kernel updates more closely and they would have been patched prior to publication. mainline was patched 30 days before publication.
it is not the reporter's responsibility to babysit the linux distributions.
And here, with this comment, we see how the overall system functions: nobody actually cares what is going on with anything outside of themselves. It is a large group of individualized nihilists with total disregard to everyone, and you will provide lengthy justifications to maintain this system, as is.
It is a large group of people with their own incentives, and you're surprised they aren't self-organizing (or accepting outside pressure) to align with your own incentives.
>nobody actually cares what is going on with anything outside of themselves.
"not caring" would be not disclosing the vulnerability at all, and instead selling it to the highest bidder on one of the private markets
which, given the ridiculous and undeserved lashings the researchers are receiving from people completely outside of the security ecosystem, i would not be surprised if they moved in that direction. they would certainly make more money.
yeah, distributions could be following the kernel updates more closely and they would have been patched prior to publication. mainline was patched 30 days before publication.
it is not the reporter's responsibility to babysit the linux distributions.