User: Password:
|
|
Subscribe / Log in / New account

Not much of a flamewar at all

Not much of a flamewar at all

Posted Jul 17, 2008 0:45 UTC (Thu) by PaXTeam (guest, #24616)
In reply to: Not much of a flamewar at all by pr1268
Parent article: Handling kernel security problems

oh, i think i know what you were thinking of as 'flamewar' then. basically, the program was
this: ask the kernel devs how they handle security bugs (what goes into the commits, what gets
announced, etc). once that was clear (essentially, not full-disclosure but non-disclosure, or
coverup), i got interested in why they decided that that was the best way for them. note i did
*not* want to change their minds per se, but as having some background and experience in
security, i thought maybe they based their decision on flawed assumptions (that i've seen so
many times) and if explained/corrected, they may rethink their position - or i would learn
something new. so i asked further about the justification for not including security info in
commits/announcements/etc and got all kinds of silly reasons that were easy to explain. that
it didn't have any effect and we ended up with 'we do it just because' is not my fault, nor do
i consider it a success to learn about their motives. so that's about it, we'll continue to go
different ways.


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds