Re: thoughts on kernel security issues

From: Florian Weimer
Date: Thu Jan 13 2005 - 03:25:29 EST


* Linus Torvalds:

> So I think the whole vendor-sec thing is not helping users at all, it's
> purely a "vendor embarrassment" thing.

At least vendor-sec serves as a candidate naming authority for CVE,
and makes sure that the distributors use the same set of CANs in their
advisories. For users, this is an important step forward, because
there is no other way to tell if vendor A is fixing the same problem
as vendor B, at least for end users.

In the past, the kernel developers (including you) supported the
vendor-sec process by not addressing security issues in official
kernels in a timely manner, and (what's far worse from a user point of
view) silently fixing security bugs in new releases, probably because
some vendor kernels weren't fixed yet. Especially the last point
doesn't help users.