LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Shumway lands in Firefox

LWN.net Weekly Edition for October 3, 2013

Integrity and embedded devices

NUMA scheduling progress

LWN.net Weekly Edition for September 26, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Kernel.org's road to recovery

Kernel.org's road to recovery

Posted Oct 13, 2011 8:14 UTC (Thu) by Klavs (subscriber, #10563)
In reply to: Kernel.org's road to recovery by vonbrand
Parent article: Kernel.org's road to recovery

I'm sorry - but all that this discussion seems to be about, is that PaxTeam (and others) would like to developers to write in changelogs, if they know the bug fixed, to have a security impact. That's all.

Currently, they - by their own admission - choose not to reveal such knowledge in changelogs (which could defintely be called a "lie of omission").

I don't think anyone disagrees with the fact, that even if such knowledge was in the changelog, many bugfixes, would not be known by the dev(s) to be security fixes as well - and as such, one will never be able to simple grep for a "Security fix" or similar in changelogs to know when to upgrade to stay secure - such is the world of computers today :)

(Log in to post comments)

Kernel.org's road to recovery

Posted Oct 13, 2011 8:20 UTC (Thu) by jrn (subscriber, #64214) [Link]

> Currently, they - by their own admission - choose not to reveal such knowledge in changelogs

Again, be careful who "they" is. Linus has said he chooses to avoid easily greppable phrases, yes.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds