|
|
Subscribe / Log in / New account

"Stable" kernel 2.6.25.7 released

"Stable" kernel 2.6.25.7 released

Posted Jun 17, 2008 14:25 UTC (Tue) by PaXTeam (guest, #24616)
In reply to: "Stable" kernel 2.6.25.7 released by nix
Parent article: Stable kernel 2.6.25.7 released 

1. none of us talked about 'conspiracy', you did. you keep coming up with this strawman and
i'll keep exposing it. but keep trying ;).

2. as you were told about a dozen times already, the problem isn't with not recognizing a bug
for its security impact (or rather, that's a separate problem), but the intentional omission
of such information when it is already known. you have yet to explain the ptrace self-attach
commit, why don't you say something about that?

3. we can't help fix the problem because the problem isn't with us but rather those kernel
developers who decided (but failed to inform the public about) that full-disclosure is a PR
act only, in reality they don't practice it. the consequence of this double-play is that
people who trust them on their word will make false security evaluations when looking at the
commits (and no, they have nothing else to judge because these bugs are discussed on private
lists).

to post comments

"Stable" kernel 2.6.25.7 released

Posted Jun 17, 2008 15:07 UTC (Tue) by nix (subscriber, #2304) [Link] (6 responses) 

Did you not read what I wrote at all? You're insisting that your assertions of coordinated
identical intentional malpractice on the part of many dozens of unrelated people does not
constitute a conspiracy theory... but coordinated identical intentional malpractice is the
very *definition* of conspiracy.

i.e. you're now arguing with the dictionary, not with me.

"Stable" kernel 2.6.25.7 released

Posted Jun 17, 2008 15:24 UTC (Tue) by PaXTeam (guest, #24616) [Link] (3 responses) 

i read what you wrote but i think we're having a definition crisis of some sort ;). how do you
define 'coordination'? somewhere above i told you it doesn't take much in a close-knit circle
of people who belong to the same social group anyway. if you mean written edicts issued in
secret or something like that, then it's definitely not that. if you mean the 'see what Linus
does, do as Linus does' kind of 'coordination', then you may call it that but it doesn't make
it so. ever heard of unspoken/unwritten rules that people understand and abide by? doesn't
make them all conspirative, does it? nevertheless, it can still be bad practice and in this
case, it is.

but in the end, you know what, whatever word makes you happy. can you now make the next step
and actually do something about checking the facts out for yourself?

"Stable" kernel 2.6.25.7 released

Posted Jun 17, 2008 15:42 UTC (Tue) by nix (subscriber, #2304) [Link] (2 responses) 

I can't do that because the facts are largely on private lists I don't have access to. (That's
why I trusted that the facts were as you stated.)

"Stable" kernel 2.6.25.7 released

Posted Jun 17, 2008 15:47 UTC (Tue) by PaXTeam (guest, #24616) [Link] (1 responses) 

> I can't do that because the facts are largely on private lists I don't
> have access to.

and what prevents you from asking for them? are you not curious? don't you think that it may
be a good idea to make them public? or just afraid of finding your beliefs shattered a bit?

"Stable" kernel 2.6.25.7 released

Posted Jun 17, 2008 18:09 UTC (Tue) by nix (subscriber, #2304) [Link] 

Mostly I'm not interested enough to bother people over it (and I have other things to do). If
the holes get fixed, it's good enough for me personally...

"Stable" kernel 2.6.25.7 released

Posted Jun 17, 2008 20:53 UTC (Tue) by ncm (guest, #165) [Link] (1 responses) 

Sorry, nix, the "definition of conspiracy" involves lawbreaking.  I see no evidence of crimes
here, and no accusations of crimes, hence no conspiracy and no accusation of conspiracy.  

What we do appear to have is a belief in security-by-obscurity, abetted by preference for
convenience and tidiness, and by publicity-shyness, finally coupled with disrespect for
SELinux.  None are crimes, but the combined effect on security is no less fortunate.

"Stable" kernel 2.6.25.7 released

Posted Jun 17, 2008 22:36 UTC (Tue) by nix (subscriber, #2304) [Link] 

There's a dictionary definition and a legal definition, and they're 
different. The dictionary definition doesn't mention lawbreaking (at least 
not in my dictionary).

(And no, nobody's alleged crimes, although some of the allegations might 
be read to allege criminal *intent*.)


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds