User: Password:
|
|
Subscribe / Log in / New account

Kernel.org's road to recovery

Kernel.org's road to recovery

Posted Oct 7, 2011 19:31 UTC (Fri) by dlang (subscriber, #313)
In reply to: Kernel.org's road to recovery by malor
Parent article: Kernel.org's road to recovery

it would be lying if they said in the changelog "this changelog has no security impact" when they know that it does.

not saying that it has a security impact is not direct lying. at most it's lying by implication or by omissions, but to make a case that it's lying by these criteria you would need to establish that it's a normal thing to have such data in there to start with, and it's not.


(Log in to post comments)

Kernel.org's road to recovery

Posted Oct 7, 2011 20:34 UTC (Fri) by malor (guest, #2973) [Link]

Knowingly hiding information for your own benefit (avoiding embarrassment and fewer people using your product), and to the detriment of the people you're hiding the information from, is lying.

You can fucking dance around that all you want, trying to justify behavior that simply can't be justified, but it remains true. It is unethical behavior, probably the second-worst thing you can do as a coder.

Kernel.org's road to recovery

Posted Oct 7, 2011 21:49 UTC (Fri) by PaXTeam (guest, #24616) [Link]

> you would need to establish that it's a normal thing to have such data
> in there to start with, and it's not.

as a security professional you must know cve.mitre.org and all the links they have to various resources that disclose this kind of information. you were saying...?


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds