LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Which is which

Which is which

Posted Jul 25, 2009 0:16 UTC (Sat) by spender (subscriber, #23067)
In reply to: Which is which by dlang
Parent article: Quotes of the week

BTW as we've mentioned repeatedly before, the only thing we called for in the past was for security-relevant information *known at the time of the commit* to not be omitted from the changelog. It would be silly to hold a fix from being published until its full impact could be determined.

Similar to how static checking is done after the fact, vendors should be employing people trained in security to spot bugs with security implications. The information could be posted on a blog similar to xorl's but with simple summaries of impact included as well. Xorl can push out several quality posts like these a day, and he does it for free in his spare time; there's no reason why a company with 600 million in revenue can't do the same.

-Brad

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds