Kernel.org's road to recovery
Posted Oct 6, 2011 15:40 UTC (Thu) by mpr22
In reply to: Kernel.org's road to recovery
Parent article: Kernel.org's road to recovery
I'm afraid that as soon as it becomes easy to find out via grep which patches potentially fix security issues that people would start publishing stats about how many security issues have been fixed in the Linux kernel and that these stats would be used in negative publicity about the Linux kernel.
I should note here that I'm in the "all kernel fixes not provably security-irrelevant are security fixes" camp, on the grounds that there are too many people who lie in the mutual intersection of the following sets:
- People who "only want security fixes!"
- People who don't grasp that "P implies Q" does not mean "not-Q implies not-P".
- People who have nominal software-acquisition responsibility with respect to public-facing Internet systems.
Yes, these people need to be debugged. However, adequate lawfully and morally acceptable techniques for such debugging do not come readily to mind.