They were accusing the kernel developers of intentionally hiding security problems from the very *start*. Despite Documentation/SecurityBugs plainly not being any kind of 'security policy' and despite Linus saying as much, all the participants on the other side of this little flamewar are *still* calling it a 'security policy' and alleging dishonesty for not 'complying' with it. At this point I'm afraid I can't see any way in which the accusers could be considered to be operating rationally. They simply aren't listening to anything anyone else says, rather responding by reiterating the same damn tired points over and over: one imagines that the only thing they'd be satisfied with is complete acquiescence, and that's not the way l-k works (or any free software project I know of). davem has pointed out the additional irony that the accusing side is waving the banner of 'full disclosure' while not actually disclosing their own *names* in the majority of cases. We've got people complaining using the names of fictional characters (who in that work of fiction had adopted that name to cover up an ancient crime: not the best choice of pseudonyms). (I don't object to pseudonyms normally, but if you're using a pseudonym *and* waving a full-disclosure banner, accusing other people of hypocrisy is not very sensible.)  it doesn't say how all security holes discovered in the kernel will be treated, but rather how holes *which the discoverer chooses to report to a specific non-l-k list* are treated
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds