> "Straw man" commonly refers to the misrepresentation of someone's
> position. I don't see where I misrepresented your position, but I'm
> sorry that you feel I did.
where did we suggest that 'our way' is to unleash full blown exploits on the unsuspecting
public in order to stress the bug's importance?
> The policy for security bugs you cite is specifically for people who
> contact the security team.
stop right there. we weren't talking about anything else but security issues discussed and
subsequently covered up in secret lists. what happens in public forums is not under
> If a specific bug doesn't reach them I don't see why that policy should
> apply at all.
in that case what's the question at all? what they don't know they can't cover up.
> In some of the bugs you have brought up the security implications seem
> minor at best, so maybe that is why they were not sent to the security
which ones are you talking about? FYI, every one of the commits we brought up had been
discussed on either the kernel security list or vendor-sec. besides, what do you call 'minor'?
does your definition of 'minor' also match that of the rest of the world? did you make sure?
then what entitles you to make that judgement call instead of the world? see, you already
showed the exact bad mindset that plauges the kernel devs engaged in covering up security
bugs. *you* don't get to decide what is important information for *other* people. the *other*
people do. understand?
> Anyway for these bugs kernel devs are free to apply whatever disclosure
> policy they see fit
what bugs again? if bugs are not on a secret list then they're in a public one, what's there
to 'disclose' that isn't already public?
> They should not trust commit messages,
says who? 'man_ls' or is it the agreed-upon kernel policy? do you even realize what you just