
2.6.32.9 Release notes


Posted Feb 22, 2010 13:38 UTC (Mon) by PaXTeam (guest, #24616)
In reply to: 2.6.32.9 Release notes by tialaramex
Parent article: 2.6.32.9 Release notes

> Maybe I didn't make myself clear,

no, you were just being dense as usual. try to read the sentences next to what you quoted and understand that the whole effort sort of died down and not because we wanted it.

> I am asking if these "cursory write-ups" actually exist.

i can't speak for spender here but i keep my own logs on various commits here for stuff that i find relevant for myself (not necessarily security related either). but that's a private list and not what we were going to publish.

> It seems not.

it seems you're just trolling as usual. but if you want to get a taste of what was going to be published, read spender's twitter stream where he pointed out several silently fixed security bugs over the past months, many if not all of them without a CVE at the time. reminds me, did the sparc64 NX bug get a CVE already?

> The write ups themselves would not constitute part of a "private discussion"

what's private and what's not is not for you to decide.



2.6.32.9 Release notes

Posted Feb 22, 2010 17:39 UTC (Mon) by vonbrand (guest, #4458)

I'm sorry, but you claim to be doing the work of travelling the patches and checking them for security relevance, and do not publish the results, while complaining others don't publish the very same data (which they arguably don't have at hand)?

I just can't imagine our esteemed editor refusing a volunteer column like the article we are talking about here.

2.6.32.9 Release notes

Posted Feb 22, 2010 19:10 UTC (Mon) by PaXTeam (guest, #24616)

> I'm sorry, but you claim to be doing the work of travelling the patches

some commits, yes.

> and checking them for security relevance,

i mostly check them for interference with my work and that necessarily means that sometimes my eyes catch security relevant commits as well.

> and do not publish the results

i don't understand what is there to publish. aren't all bugs just bugs? what else do *you* want to know about them? you can't defend the coverup of security bugs and complain about their lack of disclosure at the same time. make up your mind ;). also you're welcome to follow spender's twitter stream, we often inform each other about suspicious commits and investigate together.

> while complaining others don't publish the very same data (which they arguably don't have at hand)?

i never complained about not disclosing security impact information they do not themselves have already. quote me back if you believe otherwise. what i did and still do complain about is when they *know* that a commit fixes a security bug but cover it up.

> I just can't imagine our esteemed editor refusing a volunteer column like the article we are talking about here.

it wasn't him (Jon) and it wasn't going to be part of LWN but rather a reply to -stable postings on lkml (spender went back and double checked the emails).

2.6.32.9 Release notes

Posted Feb 22, 2010 19:32 UTC (Mon) by nix (subscriber, #2304)

Now, now, spender at least publishes the results by emailing md5sums of
descriptions of bugs to people. Surely that is sufficient for anyone.

</snark>

