The call for topics for the Linux
Kernel
Maintainers Summit went out on August 15; one proposed topic has
generated some interesting discussion about security-bug reporting for the
kernel.
A recent patch
to the kernel’s documentation about how to report security bugs recommends
avoiding posting to the linux-distros
mailing list because its goals and rules do not mesh well with kernel
security practices. That led Jiri Kosina to suggest
a discussion on security reporting, especially with regard to Linux
distributions.

Source: LWN.net – [$] Kernel security reporting for distributions