>1. Set the CRD for the CVE in Debian/Ubuntu, then after CRD release my patch as the security update on supported releases (applies to both edk2 package and LXD snap).
Sounds good. So, we are waiting for your ping to land this fix to the LXD then, right?
>2. At some (currently unspecified) point in time, I'll develop a new key enrollment strategy for the edk2 ...
>1. Set the CRD for the CVE in Debian/Ubuntu, then after CRD release my patch as the security update on supported releases (applies to both edk2 package and LXD snap).
Sounds good. So, we are waiting for your ping to land this fix to the LXD then, right?
>2. At some (currently unspecified) point in time, I'll develop a new key enrollment strategy for the edk2 ...
Sure!
Alex