
Marking security bugs

Posted Apr 20, 2011 2:12 UTC (Wed) by jrn (subscriber, #64214)
In reply to: 80b9edca1c11ec8118ab30451af9c1d492770c90 by vonbrand
Parent article: Stable kernel 2.6.38.3

> So out of, conservatively, 1,000 bug fixes 2 or 3 are for bugs that are security relevant.

If you focus on 2.6.x.y kernels (which seems like a reasonable thing to do), the ratio is probably higher. Not that it means much, but I am inclined to agree with them that downplaying the security impact of a patch in the log message seems neither effective nor helpful. Probably that didn't happen in this example, but since it does still seem to happen from time to time, why quibble?

A kernel tree with notes (or a simple list, for that matter) describing the security impact of patches would be nice indeed. It's not the obligation of the people writing the patches to do that work --- anyone could step up and set up a way to cooperate on this (analogous to the current stable@kernel.org process).

Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds