Stable kernel 2.6.32.8

Posted Feb 15, 2010 16:38 UTC (Mon) by eparis (guest, #33060)
In reply to: Stable kernel 2.6.32.8 by spender
Parent article: Stable kernel 2.6.32.8

> (because no one else cared if the feature worked or not -- not one fix came from the author or any other kernel developer)

This is quite simply untrue and I thought by now you realized so. Call me a fool. Say that I don't have the time, knowledge, or skill to find the problems that you find and I might not argue. But saying that I don't care is a bold face lie. Claiming that I hadn't found a vulnerability in my code would also not warrant disagreement, but saying that I haven't fixed a single thing is a fabrication.

I don't think pointing out how something you said is untrue should get lumped in with the ridiculous "epithet of the day[s]" you have historically been called.

Stable kernel 2.6.32.8

Posted Feb 15, 2010 17:01 UTC (Mon) by spender (guest, #23067) [Link] (1 responses)

It's very simple, as I explained in my previous post. If you cared about it working, you would have at bare minimum found the first couple vulnerabilities yourself (because they were so juvenile -- within 30 minutes after you published the feature I had a second version of my same exploit, with 2 lines changed that worked just as fine as the original). Your claims of caring about it are very weak, as both you and I agree you didn't discover any of the vulnerabilities yourself. As I explained in the previous post, simply fixing things that are reported doesn't mean that you cared about it working correctly, it's just called doing your job.

You're getting stuck up on my use of the word "fix" when after my first reply I didn't contest that you committed the actual fixes, but the point was that those fixes would have never existed were it not for other people that actually found the vulnerabilities. You had two ways of interpreting it, knowing that 1) neither you nor any other kernel developer discovered a bug that resulted in a fix, and that 2) you committed all but two of the fixes yourself (something you know I'm aware of since you remember our emails).

Replace "fix" with "bug discovery" if you like, with the knowledge that no fixes would exist without previous bug discovery. And I stand behind what I said in general and in this specific case about not caring about added security features actually working. Fixing reported bugs after the fact doesn't explain it away.

-Brad

Stable kernel 2.6.32.8

Posted Feb 17, 2010 20:48 UTC (Wed) by nix (subscriber, #2304) [Link]

So, you told Eric about bugs by... not telling him about them, and thus
it's his fault that he didn't fix the bugs you didn't tell him about?