Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
PostgreSQL 9.3 beta: Federated databases and more
LWN.net Weekly Edition for May 9, 2013
(Nearly) full tickless operation in 3.10
it was a private discussion via email and i think i'm not at liberty to quote it without consent but if the other participants agree to make them public, so do i.
22.214.171.124 Release notes
Posted Feb 22, 2010 12:44 UTC (Mon) by tialaramex (subscriber, #21167)
The write ups themselves would not constitute part of a "private discussion"
Posted Feb 22, 2010 13:38 UTC (Mon) by PaXTeam (subscriber, #24616)
no, you were just being dense as usual. try to read the sentences next to what you quoted and understand that the whole effort sort of died down and not because we wanted it.
> I am asking if these "cursory write-ups" actually exist.
i can't speak for spender here but i keep my own logs on various commits here for stuff that i find relevant for myself (not necessarily security related either). but that's a private list and not what we were going to publish.
> It seems not.
it seems you're just trolling as usual. but if you want to get a taste of what was going to be published, read spender's twitter stream where he pointed out several silently fixed security bugs over the past months, many if not all of them without a CVE at the time. reminds me, did the sparc64 NX bug get a CVE already?
> The write ups themselves would not constitute part of a "private discussion"
what's private and what's not is not for you to decide.
Posted Feb 22, 2010 17:39 UTC (Mon) by vonbrand (subscriber, #4458)
I'm sorry, but you claim to be doing the work of travelling the patches and checking them for security relevance, and do not publish the results, while complaining others don't publish the very same data (which they arguably don't have at hand)?
I just can't imagine our esteemed editor refusing a volunteer column like the article we are talking about here.
Posted Feb 22, 2010 19:10 UTC (Mon) by PaXTeam (subscriber, #24616)
some commits, yes.
> and checking them for security relevance,
i mostly check them for interference with my work and that necessarily means that sometimes my eyes catch security relevant commits as well.
> and do not publish the results
i don't understand what is there to publish. aren't all bugs just bugs? what else do *you* want to know about them? you can't defend the coverup of security bugs and complain about their lack of disclosure at the same time. make up your mind ;). also you're welcome to follow spender's twitter stream, we often inform each other about suspicious commits and investigate together.
> while complaining others don't publish the very same data (which they arguably don't have at hand)?
i never complained about not disclosing security impact information they do not themselves have already. quote me back if you believe otherwise. what i did and still do complain about is when they *know* that a commit fixes a security bug but cover it up.
> I just can't imagine our esteemed editor refusing a volunteer column like the article we are talking about here.
it wasn't him (Jon) and it wasn't going to be part of LWN but rather a reply to -stable postings on lkml (spender went back and double checked the emails).
Posted Feb 22, 2010 19:32 UTC (Mon) by nix (subscriber, #2304)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds