LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Trolling - again

Trolling - again

Posted Jun 23, 2011 15:34 UTC (Thu) by clugstj (subscriber, #4020)
In reply to: Other projects who find security holes in their code would do well to follow his lead here. by PaXTeam
Parent article: A hole in crypt_blowfish

This is one bug in a very old/stable piece of code. The time to investigate all of the security implications of it is relatively small. Now multiply this by the number of versions of the Linux kernel that are "supported" and by the rate of change of that code. The Linux kernel developers would spend all of their time investigating possible security implications of bugs instead of fixing them.

Running any kernel that you've just downloaded form kernel.org is inherently risky - we all know that (or should). That's why we have Debian/RedHat/SuSE/etc.

Linus and friends are not your personal security risk assessment team.

(Log in to post comments)

Trolling - again

Posted Jun 23, 2011 20:42 UTC (Thu) by PaXTeam (subscriber, #24616) [Link]

maybe actually try to read the entire paragraph i quoted from? ;)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds