@sima@gregkh@kees@kernellogger what is the benefit in tagging 'could maybe possibly be a security issue' to commits when the definition of that is so broad? Is it really beneficial?
Note that it's not just a 'tag' but for enterprise kernels often entails (potentially significant) work in addressing CVEs?
Perhaps a metadata tag would work better? Potentially-Exploitable or such? :)
Given the controversy around CVEs that might be a lighter touch than the gradual move towards treating more and more commits as if they were known security flaws.