Kernel bug 9416

Posted Jun 18, 2008 3:28 UTC (Wed) by spender (subscriber, #23067)
In reply to: Kernel bug 9416 by vonbrand
Parent article: Stable kernel 2.6.25.7 released

Let's get straight what you were actually commenting on here, since you were turning it into
something it wasn't.

Willy said:
"And please, do not say "obfuscate" when speaking about commit logs,
it's more like "summarize", even if extreme summarization may lead to
obfuscation."

So the PaX team gave an example, where the commit subject was "isdn: avoid copying overly-long
strings".  I agree with them that this isn't a summary but rather a strained attempt at
obfuscating the issue.  Nothing would have been wrong with just copying the description from
the bugzilla entry, it wouldn't have required the invention of clever new phrases, and
wouldn't have required that people click on a bugzilla entry to figure out what was actually
fixed.

Please read and comprehend before posting.

-Brad



Kernel bug 9416

Posted Jun 18, 2008 4:20 UTC (Wed) by vonbrand (subscriber, #4458)

"Avoid copying overlong strings" does make my (mostly untrained!) alarm bell go nuts. If that is "obfuscation"...

In all this (by now extremely tiresome) discussion I have seen not a shred of evidence of wrongdoing. Perhaps carelessness, perhaps people not seeing potential security problems. Bugs get fixed, most developers care that it is a bug and don't care much if it might be a security problem. Others try to filter "important" (by whatever measures) fixes to apply to the "-stable" (by their measure) tree. If you disagree, you are welcome to set up the "-secure" tree and do your own filtering and applying. In doing so, you won't be able to rely blindly on the commit messages (the bug fixer might be completely incompetent at seeing security implications) or the discussions that went before (they could all very well be completely off track), so this is hard, thankless work. If you moreover succeed in recruiting a bunch of hackers to help out, more power to you. That would be a real help; flinging all sorts of conspiracy theories and ill will accusations around is counterproductive. If the people here (myself included) had spent their time chasing bugs instead of flaming around, we would all be better off.

Kernel bug 9416

Posted Jun 18, 2008 12:17 UTC (Wed) by PaXTeam (subscriber, #24616)

> In all this (by now extremely tiresome) discussion I have seen not a
> shred of evidence of wrongdoing.

would that be because you haven't actually seen/read everything? if you have, please tell me
the history of this commit/bug:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-... .
if you don't see it immediately from the linked commit it's because it was intentionally
omitted. but you can always ask the committer. will you?

> Perhaps carelessness, perhaps people not seeing potential security
> problems. Bugs get fixed, most developers care that it is a bug and
> don't care much if it might be a security problem.

that shows how much of the discussion you saw. pretty much nothing. the issue is *not* with
people not realizing the security impact of bugs (no one expects people to disclose what they
don't know), but rather with intentional withholding/downplaying the same when it *is* known
to them. i gave you a lead above, try to find out what happened there and be shocked.
