|
|
Subscribe / Log in / New account

Other projects who find security holes in their code would do well to follow his lead here.

Other projects who find security holes in their code would do well to follow his lead here.

Posted Jun 23, 2011 10:53 UTC (Thu) by PaXTeam (guest, #24616)
Parent article: A hole in crypt_blowfish

now the question is whether you meant to include linux in 'other projects' as well given that we learnt recently that the very activity you're endorsing here amounts to playing the 'security circus' according to them ;).

to post comments

Trolling - again

Posted Jun 23, 2011 15:34 UTC (Thu) by clugstj (subscriber, #4020) [Link] (1 responses)

This is one bug in a very old/stable piece of code. The time to investigate all of the security implications of it is relatively small. Now multiply this by the number of versions of the Linux kernel that are "supported" and by the rate of change of that code. The Linux kernel developers would spend all of their time investigating possible security implications of bugs instead of fixing them.

Running any kernel that you've just downloaded form kernel.org is inherently risky - we all know that (or should). That's why we have Debian/RedHat/SuSE/etc.

Linus and friends are not your personal security risk assessment team.

Trolling - again

Posted Jun 23, 2011 20:42 UTC (Thu) by PaXTeam (guest, #24616) [Link]

maybe actually try to read the entire paragraph i quoted from? ;)


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds