LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

"Candid" doesn't mean hidden

"Candid" doesn't mean hidden

Posted Jun 11, 2008 17:33 UTC (Wed) by tialaramex (subscriber, #21167)
In reply to: "Candid" doesn't mean hidden by PaXTeam
Parent article: Stable kernel 2.6.25.6 

If you use words in the opposite sense to their correct meaning without any trace of irony
then people certainly are entitled to assume that's because you don't actually know what they
mean. I see that a dose of your own medicine doesn't suit you.

You've several times provided links which actually don't say what you claim they do. This time
you suggested that the Linux security list has a policy of full disclosure, when in fact the
document you mentioned uses weasel words to declare that disclosure should happen "as soon as
possible" which means nothing at all.

No congratulations are necessary. I did not find a bug, I just read a randomly chosen commit
log. Anyone can do it. Maybe more people should.

(Log in to post comments)

"Candid" doesn't mean hidden

Posted Jun 11, 2008 21:11 UTC (Wed) by PaXTeam (subscriber, #24616) [Link] 

i see you're getting sidetracked into various things which is a good sign that i raised valid
points you don't contest.

> You've several times provided links which actually don't say what you
> claim they do.

this is a blanket statement without any proof/explanation. elaborate please.

> This time you suggested that the Linux security list has
> a policy of full disclosure, when in fact the document you mentioned
> uses weasel words to declare that disclosure should happen "as soon as
> possible" which means nothing at all.

said document talks about 'full disclosure', not mere 'disclosure' (nice attempt but you got
caught). second, if you cared to read the comment at the bottom of this thread, you'd realize
that said document doesn't at all raise the issue of the amount of disclosure, only its
potential timing. so we're in agreement that the disclosure policy is 'full disclosure' (and
which is what wasn't observed in several cases i cited). i've said nothing else and you
haven't contradicted it either. and frankly, if you're not an active party in all this
non-or-half-assed-disclosure process, you have zero idea about what you're talking.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds