LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Let's talk about how to improve things, instead?

Let's talk about how to improve things, instead?

Posted Jun 11, 2008 14:15 UTC (Wed) by PaXTeam (subscriber, #24616)
In reply to: Let's talk about how to improve things, instead? by hmh
Parent article: Stable kernel 2.6.25.6 

i think you should be having this discussion on lkml, not here. after all, that's where the
kernel devs in question are. also, what is not clear about:

  We prefer to fully disclose the bug as soon as possible.

(quote from Documentation/SecurityBugs)? it later elaborates only on the disclosure date,
never on the extent of the disclosure. in other words, nothing ever even just hints at
possible partial or non-disclosure at all. and that's exactly what has happened as you can see
from the few examples in this thread. what else do you really want to put into writing?

as for -stable, i guess you haven't read the whole thread, so please do so now and understand
that the problems don't start with -stable per se (most of the time, there're exceptions like
the ptrace case documented above), it's way before and for these security related bugs, on a
closed and secret list (read: noone is accountable, that's why they think they can get away
with it).

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds