An important set of stable kernel updates

Posted Oct 21, 2016 17:19 UTC (Fri) by nix (subscriber, #2304)
In reply to: An important set of stable kernel updates by oldtomas
Parent article: An important set of stable kernel updates

> And nix, I'm a bit disappointed that you seem to find pleasure in the same game. Go talk to Greg, or Linus. But whining an old whine in a public forum ain't helping anybody.

Oh, believe me, I'm not finding pleasure in the same game. I'm just annoyed by a pointlessly vague commit message and a *really* vague comment which is just the sort of comment the kernel devs would come down really hard on if perpetrated by anyone else. Usually, the argument can be made that Linus couldn't know in advance that a fix would get into -stable and thus that it is plausible that security-by-obscurity by burying the patch in the general flood might work against any attacker less determined than, say, spender -- except in this case he *linked to a commit* that described the vulnerability unambiguously, so what on earth is the point of vaguing up the language in this commit message, and in the patch itself?

I can't see any coherent point of view that would lead to this outcome at all. It manages to combine all the disadvantages of security by obscurity *and* all the disadvantages of early disclosure while cunningly avoiding the advantages of both.



An important set of stable kernel updates

Posted Oct 25, 2016 7:19 UTC (Tue) by oldtomas (guest, #72579)

> Oh, believe me, I'm not finding pleasure in the same game.

Then Just Don't Play it. There are far more constructive games in this field.

If you see a kernel patch related to a vulnerability, by all means, point it out. Or go support Kees Cook in his attempt at building bridges (for which he regularly harvests sarcasm in the form of "nyah, nyah, we had that 3 years ago, and if he leaves such-and-such out, it's totally worthless anyway"[1]. Bah.)

[1] Perhaps *technically* in its strictest sense correct, but doing a catastrophical disservice to all involved, including spender.
BTW if anyone has seen spender et al saying something *nice* to someone, let me know. I genuinely want to widen my horizon.

An important set of stable kernel updates

Posted Oct 26, 2016 21:51 UTC (Wed) by nix (subscriber, #2304)

> BTW if anyone has seen spender et al saying something *nice* to someone, let me know. I genuinely want to widen my horizon.

I've seen PaXTeam being, if not nice, at least matter-of-fact and not insulting or superior to Kees a couple of times. It was genuinely shocking.

