Re: thoughts on kernel security issues

From: Rik van Riel
Date: Wed Jan 12 2005 - 22:41:49 EST

Next message: Benjamin Herrenschmidt: "Re: [PATCH] ppc64: xtime <-> gettimeofday can get out of sync"
Previous message: Dave Jones: "Re: thoughts on kernel security issues"
In reply to: Alan Cox: "Re: thoughts on kernel security issues"
Next in thread: Marcelo Tosatti: "Re: thoughts on kernel security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 12 Jan 2005, Marcelo Tosatti wrote:

The only reason for this is to have "time for the vendors to catch up", which can be defined by the kernel security office. Nothing more - no vendor politics involved.

There are other good reasons, too. One could be:

"Lets not make this security bug public on christmas eve,
because many system administrators won't get around to
applying patches, while the script kiddies have lots of
time over their christmas holidays."

IMHO it will be good to coordinate things like this, based on
common sense, and trying to minimise the impact on users of
the software. I do agree with Linus' "no politics" point,
though ;)

--
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Benjamin Herrenschmidt: "Re: [PATCH] ppc64: xtime <-> gettimeofday can get out of sync"
Previous message: Dave Jones: "Re: thoughts on kernel security issues"
In reply to: Alan Cox: "Re: thoughts on kernel security issues"
Next in thread: Marcelo Tosatti: "Re: thoughts on kernel security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]