Kernel.org's road to recovery

Kernel.org's road to recovery

Posted Oct 11, 2011 1:28 UTC (Tue) by vonbrand (subscriber, #4458)
In reply to: Kernel.org's road to recovery by malor
Parent article: Kernel.org's road to recovery

You presume that the kernel hackers are prescient, and immediately know the security ramifications of each and every bug they fix. Sorry to disappoint you, if they were that smart they wouldn't make the patched mistakes in the first place. Unless you are into serious conspiracy theories, where they insert the bugs fully knowing they can be exploited...


Kernel.org's road to recovery

Posted Oct 13, 2011 8:14 UTC (Thu) by Klavs (subscriber, #10563) [Link]

I'm sorry - but all that this discussion seems to be about is that PaxTeam (and others) would like developers to write in changelogs if they know the bug fixed to have a security impact. That's all.

Currently, they - by their own admission - choose not to reveal such knowledge in changelogs (which could definitely be called a "lie of omission").

I don't think anyone disagrees with the fact that even if such knowledge was in the changelog, many bugfixes would not be known by the dev(s) to be security fixes as well - and as such, one will never be able to simply grep for a "Security fix" or similar in changelogs to know when to upgrade to stay secure - such is the world of computers today :)

Kernel.org's road to recovery

Posted Oct 13, 2011 8:20 UTC (Thu) by jrn (subscriber, #64214) [Link]

> Currently, they - by their own admission - choose not to reveal such knowledge in changelogs

Again, be careful who "they" is. Linus has said he chooses to avoid easily greppable phrases, yes.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds