| |||||||||||||
poor social estrategypoor social estrategyPosted Jan 9, 2005 17:13 UTC (Sun) by PaXTeam (subscriber, #24616)In reply to: poor social estrategy by sbergman27 Parent article: grsecurity 2.1.0 and kernel vulnerabilities
everything i discussed here very much belongs to the public and it shall stay so. i see you are quick to accuse others of being irresponsible but don't actually have the guts to apologize when your claims prove to be without merit. you also haven't realized that there are bigger issues here than the fate of a handful bugs, which is the whole point why we tested the waters with them only, not more critical stuff. some questions for you and the community to answer: why can the BSDs have a designated security officer and linux not? why can you communicate with said officers using proper encryption whereas you cannot with vendor-sec? why did nothing happen after the do_brk() bug/exploit leak more than a year ago so just in time history could repeat itself with the uselib() bug/exploit? why didn't you, Steve Bergman, complain about *that* yet? why is it acceptable that isec can release local root exploits with their advisories (which are anything but simple to understand and hence reproduce) but a few liner in assembly (trivial to reproduce) makes you scream 'irresponsible'? hipocrisy abound and you talk about holding others to higher standards.
(Log in to post comments)
keep the pissing contests for IRC Posted Jan 9, 2005 22:07 UTC (Sun) by dw (subscriber, #12017) [Link] If there is still a problem here, take it to e-mail, or IRC. LWN comment postings are not the place for it - remember your comments will probably exist here long after you cease to.
keep the pissing contests for IRC Posted Jan 10, 2005 12:13 UTC (Mon) by coolian (guest, #14818) [Link] Just remember, the Pax guy is trying to do a good thing, and wants itfixed. He may have the social graces of a walrus, but he's at least *doing* something about a problem. Stop ripping the guy and acting like armchair quarterbacks.
keep the pissing contests for IRC Posted Jan 10, 2005 12:29 UTC (Mon) by zorgan (guest, #4016) [Link] May I politely request that everybody stops confusing the PaX team withthe grsecurity developers? I haven't seem anybody of the PaX team "behaving like a social walrus" (not that I think this term would be fair to Brad Spengler, either). Anyway, the suggestion that Andrea Arcangeli would currently be more of a VM maintainer than Linus Torvalds or Andrew Morton is so funny that I don't understand why anybody took sbergman27 seriously. He has done important development on the VM a couple of times, but he has never adopted anything like a maintainer's role, AFAIK. But I think the main point remains (and that's why this discussion makes sense): If Linus and akpm get too much flooded with e-mails that they cannot even reply to a local DoS report within 3 weeks, then maybe they should appoint someone to be a security contact person? Someone who is willing to look into such reports, can judge their severity, and contact the relevant maintainers to review proposed patches etc.?
keep the pissing contests for IRC Posted Jan 11, 2005 8:11 UTC (Tue) by Wol (guest, #4433) [Link] Why's it funny that "Andrea would be more of a VM mainainer than Linus"?
After all, it was *Andrea* that *wrote* the thing in the first place, not Linus...
Cheers,
keep the pissing contests for IRC Posted Jan 11, 2005 20:11 UTC (Tue) by zorgan (guest, #4016) [Link] Because *writing* != *maintaining*.Maintaining means reviewing other people's patches, forwarding them to tree maintainers, making sure the code stays clean and well-documented, etc. Andrea has not even bothered much sending his own to Linus/Marcelo.
poor social estrategy Posted Jan 10, 2005 13:07 UTC (Mon) by philips (guest, #937) [Link] Thanks for you work, PaX.
I've being hitting this bug (as bug, but not securinty hole) several times before.
I hope that now it will be fixed.
|
|||||||||||||