LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Shumway lands in Firefox

LWN.net Weekly Edition for October 3, 2013

Integrity and embedded devices

NUMA scheduling progress

LWN.net Weekly Edition for September 26, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Kernel.org's road to recovery

Kernel.org's road to recovery

Posted Oct 7, 2011 21:22 UTC (Fri) by PaXTeam (subscriber, #24616)
In reply to: Kernel.org's road to recovery by vonbrand
Parent article: Kernel.org's road to recovery

what do some people's intentions have to do with being honest? nothing? are you suggesting that the weatherman stop reporting today's hurricane location because some miscreant may use that information for evil purposes? coming back to common sense, yes, nobody who is actually able to do damage will grep commit messages as that helps exactly nothing to write an exploit (reading the actual code however does).

(Log in to post comments)

Kernel.org's road to recovery

Posted Oct 9, 2011 16:05 UTC (Sun) by vonbrand (subscriber, #4458) [Link]

Honesty is all about intentions.

Kernel.org's road to recovery

Posted Oct 10, 2011 7:57 UTC (Mon) by PaXTeam (subscriber, #24616) [Link]

so you agree that Linus is dishonest since he declared his intentions to cover up security fixes quite clearly. it's a good start :).

Kernel.org's road to recovery

Posted Oct 11, 2011 1:10 UTC (Tue) by vonbrand (subscriber, #4458) [Link]

He asked not to indulge in a theater of flagging commits with useless (and probably misleading) comments. That is a very far cry from dishonesty.

The contention that such commit messages will make Linux look bad is nonsense, if somebody wants to get data on security problems there are lots of other sources, very much more accurate than self-selected comments on patches.

Kernel.org's road to recovery

Posted Oct 11, 2011 7:36 UTC (Tue) by PaXTeam (subscriber, #24616) [Link]

> He asked not to indulge in a theater of flagging commits with useless
> (and probably misleading) comments.

no, he didn't *ask* anything. he *declared* that he does *not* want to see greppable words that'd identify a commit as fixing a security bug. no ifs and buts there. in less euphemistic words it's also called a coverup. second, if identifying security fixes was 'useless (and probably misleading)' then 1. why does he still let through such commits sometimes, 2. why does the rest world do this? something doesn't add up here if you theory holds ;).

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds