KS2011: Kernel.org report

KS2011: Kernel.org report

Posted Oct 25, 2011 9:30 UTC (Tue) by Trou.fr (subscriber, #26289)
Parent article: KS2011: Kernel.org report

As sad as it may be, the Linux kernel is no different from other organisations: "everything's ok, no need to worry about security" until they get owned to the core.

At least now security people will *maybe* be listened to a bit more carefully, at least I hope so.

KS2011: Kernel.org report

Posted Oct 25, 2011 10:01 UTC (Tue) by dgm (subscriber, #49227)

Good try. But you're wrong.

Kernel developers care a great deal about security, only not of the circus variety. CVE numbers and stuff do not make systems more secure, fewer bugs do.

And from what I can tell, people that say reasonable things do get listened to. Those just whoring for attention do tend to get ignored, though.

That language about "security people" is part of the problem. You're a contributor, or you're not. If you're so cool that you need to distinguish yourself from the rest of the pack, maybe you should consider a career as a designer instead. The LKML will not give you the kind of reward you expect.

KS2011: Kernel.org report

Posted Oct 28, 2011 20:12 UTC (Fri) by giraffedata (subscriber, #1954)

Your implication is that they were wrong to ignore the security vulnerabilities in kernel.org before and right to worry about them now. The opposite could be true too. As the risk is not greater now than before this compromise, aren't kernel.org people overreacting?

This is the same thing that always perplexes me when a person starts wearing a seat belt because a celebrity died by not wearing one. It's hard to believe the person has significantly more information about the risks of driving beltless after that one death, but there's a lot of psychology involved.
