Kernel.org's road to recovery
Posted Oct 11, 2011 1:24 UTC (Tue) by vonbrand
In reply to: Kernel.org's road to recovery
Parent article: Kernel.org's road to recovery
What we actually ask: reveal security implications you already know of. That's it. The entire request, in two words, is "be honest". You wouldn't think that would be a big deal.
And the simple answer has been given over and over: "There are very, very few of those; way too few to be of any relevance for whatever you are trying to do. We worry there are people out there who will think that only the commits flagged as having security impact are important, so encouraging said selectiveness is a loss. Furthermore, there are miscreants grepping changelogs for stuff like 'overflow' to zero in on potential security problems. Yes, security through obscurity, which is useful as long as it isn't for the long term or the only security measure. What could be won with the flagging is minuscule; what would be lost is, in our opinion, much more than the gain. If you want to research the security impact of bugs, knock yourself out. It's all out there for the taking."