Not so fast
Posted Jun 17, 2008 23:28 UTC (Tue) by man_ls
In reply to: Not so fast
Parent article: Stable kernel 188.8.131.52 released
besides a few strawmen [...]
"Straw man" commonly refers to the misrepresentation of someone's position. I don't see where I misrepresented your position, but I'm sorry that you feel I did.
The policy for security bugs you cite is specifically for people who contact the security team. If a specific bug doesn't reach them, I don't see why that policy should apply at all. In some of the bugs you have brought up, the security implications seem minor at best, so maybe that is why they were not sent to the security team; or maybe it was due to incompetence. Anyway, for these bugs kernel devs are free to apply whatever disclosure policy they see fit (i.e. not bound by any document), and we are free to discuss if they do it sensibly, whether you care about it or not.
assessing security risks need to know whether the kernel commits are a reliable source of information of that or not.
People assessing security risks should make their own assessments. They should not trust commit messages, and I don't see how you can suggest that they might even think about it.