Kernel.org's road to recovery
Posted Oct 7, 2011 22:21 UTC (Fri) by malor
In reply to: Kernel.org's road to recovery
Parent article: Kernel.org's road to recovery
parse that again, *nobody* asked the kernel devs to evaluate the security impact of bugs themselves.
Notice how, over and over and over and over, no matter how many times anyone tells them, they insist on mischaracterizing what is being asked of them?
What we actually ask: reveal security implications you already know of. That's it. The entire request, in two words, is "be honest". You wouldn't think that would be a big deal.
What they constantly insist is being asked for: original security research and impact analysis.
At this point, after years of this going back and forth, I don't think it's reasonable to presume that this is an innocent misunderstanding any longer. It's been repeated too many times, on too many fronts. The REAL objection is that the Linux kernel is absolutely terrible from a security perspective. They want to work on speed, not correctness, and will savagely misrepresent opposing requests to avoid confronting the fact that their laser focus on speed is not shared by a very large fraction of the larger community. In fact, they'll go out of their way to characterize the people who are focused on correctness as being proponents of 'security theater'.
Security is a hard problem, and they don't want to solve that problem. They want to be left alone to work on the speed problem instead. The world is not cooperating with them, and so they're lying about their bugs to try to force it to happen.