Re: Bad Maintainance!

Posted Dec 2, 2003 20:03 UTC (Tue) by crimsun (subscriber, #13750)
In reply to: Bad Maintainance! by AnswerGuy
Parent article: The brk() vulnerability

I think it's a fundamental difference in how a maintainer follows the rigor of his release schedule. The argument has been made that people who track exploits closely will patch their systems regardless of whether a version bump is made to accommodate the release of a critical fix. I feel Marcelo's doing a fine job maintaining 2.4. Yes, Alan's policy with 2.2 has always been more finely-suited to security releases reflecting version bumps. That way there is no confusion.

The original closing hook really stands; we all need to be watching cset merges.



Re: Bad Maintainance!

Posted Dec 2, 2003 21:20 UTC (Tue) by freethinker (guest, #4397)

I don't agree. Yes, we can have some people, who have the skills and time to track exploits, patch their systems. But wouldn't it be better if the maintainer patched the kernel and issued a new release with an appropriate message regarding the urgency? Then many more people would be aware and would upgrade. That's what the maintainer is for: to track these things, to be aware of urgent issues, and to do the right thing with them.

I won't go so far as to say that Marcelo fell down on the job here. I don't know all the circumstances. But the question should be asked.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.