> Then he can post privately to the -stable team.

in case you didn't read http://lwn.net/Articles/285438/ , the problem is not with -stable per
se, it's just one of the casualties of the policies played on the kernel security mailing list
(although it's probably not a coincidence as there's overlap between the members). it should
also be clear by now that we are NOT going to play ball with that list. i even told you so in
the past already (remember the random driver stack overflow bug?). the reason is very simple
and sad at the same time: this list has become the primary place to discuss then hide security
information about bugs. in case it's not clear, the problem is not with the 'discuss' part but
the 'hide' one.

> But I think that unfortunately, Brad is not trying to improve Linux but
> to demonstrate it's a pile of crap, maybe in order to promote security
> add-ons such as grsecurity.

how is exposing the dishonesty of certain kernel developers not improving linux? do you want
people to live without knowing what bugs have security related consequences? if said
developers are unwilling to practice full disclosure (despite public reassurances, mind you)
then someone else has to. and how on earth is this supposed to promote grsecurity (or any
other access control system)? if anything, they all suffer collateral damage from this policy

> But it's doing no service to him either because acting this way will
> scare away people who look for a reliable system.

i did that more than 3 years ago already:
http://forums.grsecurity.net/viewtopic.php?p=3805#p3805 and i still stand by what i said back
then. in fact, the situation has become a whole lot worse since.

> IMHO, he would be of great help if he would accept to be on the -stable reviewers list.

it's too late by then, the problems start with the kernel security list, -stable feeds on
that. and no amount of private lists will help the accountability problem you're having now.
the way of solving that is to make the archives public after a certain period (there's nothing
to hide after the bug is fixed and public, right?) then we can talk about having improved