LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

LWN.net Weekly Edition for June 6, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

2.6.32.9 Release notes

2.6.32.9 Release notes

Posted Feb 22, 2010 17:39 UTC (Mon) by vonbrand (subscriber, #4458)
In reply to: 2.6.32.9 Release notes by PaXTeam
Parent article: 2.6.32.9 Release notes

I'm sorry, but you claim to be doing the work of travelling the patches and checking them for security relevance, and do not publish the results, while complaining others don't publish the very same data (which they arguably don't have at hand)?

I just can't imagine our esteemed editor refusing a volunteer column like the article we are talking about here.

(Log in to post comments)

2.6.32.9 Release notes

Posted Feb 22, 2010 19:10 UTC (Mon) by PaXTeam (subscriber, #24616) [Link]

> I'm sorry, but you claim to be doing the work of travelling the patches

some commits, yes.

> and checking them for security relevance,

i mostly check them for interference with my work and that necessarily means that sometimes my eyes catch security relevant commits as well.

> and do not publish the results

i don't understand what is there to publish. aren't all bugs just bugs? what else do *you* want to know about them? you can't defend the coverup of security bugs and complain about their lack of disclosure at the same time. make up your mind ;). also you're welcome to follow spender's twitter stream, we often inform each other about suspicious commits and investigate together.

> while complaining others don't publish the very same data (which they arguably don't have at hand)?

i never complained about not disclosing security impact information they do not themselves have already. quote me back if you believe otherwise. what i did and still do complain about is when they *know* that a commit fixes a security bug but cover it up.

> I just can't imagine our esteemed editor refusing a volunteer column like the article we are talking about here.

it wasn't him (Jon) and it wasn't going to be part of LWN but rather a reply to -stable postings on lkml (spender went back and double checked the emails).

2.6.32.9 Release notes

Posted Feb 22, 2010 19:32 UTC (Mon) by nix (subscriber, #2304) [Link]

Now, now, spender at least publishes the results by emailing md5sums of
descriptions of bugs to people. Surely that is sufficient for anyone.

</snark>

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds