Kernel.org's road to recovery
Posted Oct 7, 2011 1:13 UTC (Fri) by malor
In reply to: Kernel.org's road to recovery
Parent article: Kernel.org's road to recovery
Which is bullshit, in letters ten feet tall.
If you know it's a security issue, the ONLY reason to hide that fact is to try to juke stats about how (in)secure Linux is. Security fixes are embarrassing, and the kernel team is trying to hide just how bad their code is.
That's all it really is. It's not 'security theater' to blame. It's poor programmers trying to shovel bad code under the rug.
Nobody is asking for security analysis, just that, if a bug is KNOWN to be security-related, that they pass that info along, not deliberately hide it.
Hiding information of that type is shameful in and of itself, and it's quite possible someone might end up dead because they didn't realize that a hole had been patched, and that they'd already been exploited. Not knowing that a hole was plugged means they might not think to look.
That's the stakes in the modern networked world, and fucking around with goddamn semantic games when people's lives are at risk is selfish bullshit of the highest order. Pass along all the information you have about the impact of a bug. Hiding it is putting people at risk for zero real benefit.