> (short of him committing a potential felony by launching attacks himself
> or selling the exploit)

For every Spender I expect there are a dozen people doing exactly that.
Linux is big business now and big money is to be had by trolling the kernel
commit logs and looking for mislabeled vulnerabilities. I suppose that
there is enough money in it that a person could do pretty much nothing else
but follow along with kernel development and make a living that way.
Personally I have to maintain a handful of different kernels for personal
and professional reasons. It would be nice if I could trust the commit
Although it would be nice if Spender could direct his attention towards
finding exploits in rc kernels! :) Maybe one of the big commercial Linux
guys would hire him or some other group of people to concentrate entirely
on code quality in terms of security and figuring out more and more
automated checks and whatnot. Something can be done, I suppose.