Not so fast
Not so fast
Posted Jun 18, 2008 16:52 UTC (Wed) by nix (subscriber, #2304)In reply to: Not so fast by spender
Parent article: Stable kernel 2.6.25.7 released
I agree with everything you've said in that comment. I just don't think it's 'dishonest'. Everyone involved is quite open about what's going on, so how it could be considered dishonest is quite beyond me (and it's not as if we see holes with actual significant impact being not fixed: please, 'root can get complete control of the system' is likely to impact a number of systems given in single digits, given that on virtually every system out there root *already* has complete control: and 'hold back for a few days until the major distros have updated' also seems reasonable. CPU bugs with security impact are an entirely different kettle of silicon, and I have no idea what the right thing is to do there, especially if the bug is one that can't be fixed with a microcode update: someone's going to get hurt sooner or later no matter what you do).
Posted Jun 18, 2008 17:59 UTC (Wed)
by PaXTeam (guest, #24616)
[Link] (4 responses)
Posted Jun 19, 2008 9:45 UTC (Thu)
by nix (subscriber, #2304)
[Link] (3 responses)
Posted Jun 19, 2008 10:31 UTC (Thu)
by PaXTeam (guest, #24616)
[Link] (2 responses)
Posted Jun 19, 2008 21:47 UTC (Thu)
by nix (subscriber, #2304)
[Link] (1 responses)
Posted Jun 20, 2008 1:37 UTC (Fri)
by zakalwe2 (guest, #50472)
[Link]
Not so fast
> Everyone involved is quite open about what's going on, so
> how it could be considered dishonest is quite beyond me
where did you see 'everyone involved' being open? not here. not a single person who
participated in the withholding of known security impact info posted to this thread or
admitted doing so.
>and it's not as if we see holes with actual significant impact being not fixed:
strawman warning ;)! we did *not* talk about bugs not getting fixed. we talked about bugs not
getting properly described in the commits. where did you pull this one from? but now that you
did, i'll actually ask you a question: if a commit doesn't contain security info (such as the
ptrace self-attach fix), how are people running their own kernels supposed to know to pick
such commits up (think of distibutors, not only individuals)? they can't therefore all *their*
users are unnecessarily exposed to risk.
Not so fast
Er, I was pointing out that it would be significant if we saw things getting covered up and
not fixed. We don't.
(Are you *so* confrontational that you assume that when I'm agreeing with you, I'm actually
trying to argue against you, so my point is thus a 'straw man'? If this is actually what's
happening, you're functionally incapable of reading English as far as I'm concerned.)
Not so fast
> Er, I was pointing out that it would be significant if we saw things
> getting covered up and not fixed. We don't.
er, i was pointing out that it was *not* what we had been talking about all along. we talked
about things getting fixed but *not* communicated properly, in particular, the security impact
of fixes was sometimes omitted even when it was full well known. that *is* dishonest, no
matter how much you argue the opposite:
> I just don't think it's 'dishonest'.
that is *not* 'I'm agreeing with you', no matter how you spin it later.
but i said all this a 100 times already by now yet *you* keep diverging into irrelevant
possibilities that we have never raised. you tell me who has a reading comprehension propblem.
also it has been your strategy to change the subject of discussion slightly in order to be
able attack it then. that meets the dictionary definition of a strawman. i know you never
liked it when i exposed every one of your attempts, but that should not be reason to resort to
ad hominem in lieu of rational arguments (you probably figured out by now that i'm not a
native speaker, right?). as you so aptly said:
> This thread is giving me so *very* many examples of how not to communicate...
Not so fast
The dictionary definition of a straw man argument is arguing !A and then
concluding !B, where A is not a precondition of B.
What I'm doing is considering slight variations on what you're discussing
in order to figure out if *they* have any merit (since your claim of some
peculiar form of non-malicious dishonesty is incoherent I haven't wasted
any time considering that case at all).
My apologies for *daring* to consider tangential cases at all. I wasn't
aware I wasn't allowed to discuss such things.
(Your claims of 'exposure' reek of paranoia. In fact pretty much
everything you've posted reeks of paranoia.)
Not so fast
>>since your claim of some peculiar form of non-malicious dishonesty is incoherent
No honey, your ass doesn't look big in that at all.