User: Password:
Subscribe / Log in / New account's road to recovery's road to recovery

Posted Oct 6, 2011 21:23 UTC (Thu) by dlang (subscriber, #313)
In reply to:'s road to recovery by PaXTeam
Parent article:'s road to recovery

the invalid logic is the idea that if a commit is not tagged as being a security fix, they can safely ignore it.

(Log in to post comments)'s road to recovery

Posted Oct 6, 2011 23:24 UTC (Thu) by PaXTeam (guest, #24616) [Link]

right, this is the same old tired strawman then and i guess the chances of your answering the same old tired request of mine are slim to none, but here it is again, just for the record: show me a *single* individual who 1. provably believes/follows/operates based on your logic above, 2. has *any* relevance whatsoever in producing kernels for a wider audience. define wide as more than say 10 people in the world but if you really want to advance this silly strawman then better pick someone working for RH/Novell/Canonical/Oracle/etc, you get the idea. because, you see, if no such person exists, you'll need to pick a better argument for justifying the covering up of kernel security fixes. i also wonder how you, a self-described security professional imagine to keep your systems secure if you don't get to know about security fixes.'s road to recovery

Posted Oct 7, 2011 18:32 UTC (Fri) by vonbrand (guest, #4458) [Link]

Au contraire. Show that there is no miscreant grepping for such stuff in the kernel (and other changelogs) in order to find out if they can put their foot in the door, and we might reconsider.'s road to recovery

Posted Oct 7, 2011 21:22 UTC (Fri) by PaXTeam (guest, #24616) [Link]

what do some people's intentions have to do with being honest? nothing? are you suggesting that the weatherman stop reporting today's hurricane location because some miscreant may use that information for evil purposes? coming back to common sense, yes, nobody who is actually able to do damage will grep commit messages as that helps exactly nothing to write an exploit (reading the actual code however does).'s road to recovery

Posted Oct 9, 2011 16:05 UTC (Sun) by vonbrand (guest, #4458) [Link]

Honesty is all about intentions.'s road to recovery

Posted Oct 10, 2011 7:57 UTC (Mon) by PaXTeam (guest, #24616) [Link]

so you agree that Linus is dishonest since he declared his intentions to cover up security fixes quite clearly. it's a good start :).'s road to recovery

Posted Oct 11, 2011 1:10 UTC (Tue) by vonbrand (guest, #4458) [Link]

He asked not to indulge in a theater of flagging commits with useless (and probably misleading) comments. That is a very far cry from dishonesty.

The contention that such commit messages will make Linux look bad is nonsense, if somebody wants to get data on security problems there are lots of other sources, very much more accurate than self-selected comments on patches.'s road to recovery

Posted Oct 11, 2011 7:36 UTC (Tue) by PaXTeam (guest, #24616) [Link]

> He asked not to indulge in a theater of flagging commits with useless
> (and probably misleading) comments.

no, he didn't *ask* anything. he *declared* that he does *not* want to see greppable words that'd identify a commit as fixing a security bug. no ifs and buts there. in less euphemistic words it's also called a coverup. second, if identifying security fixes was 'useless (and probably misleading)' then 1. why does he still let through such commits sometimes, 2. why does the rest world do this? something doesn't add up here if you theory holds ;).

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds