From: "Theodore Ts'o" <tytso@mit.edu>
To: John Richard Moser <nigelenki@comcast.net>
Cc: michael@optusnet.com.au,
"Marcos D. Marado Torres" <marado@student.dei.uc.pt>,
Ed Tomlinson <edt@aei.ca>, Massimo Cetra <mcetra@navynet.it>,
"'Chuck Ebbert'" <76306.1226@compuserve.com>,
"'Bill Davidsen'" <davidsen@tmr.com>,
"'William Lee Irwin III'" <wli@holomorphy.com>,
"'linux-kernel'" <linux-kernel@vger.kernel.org>
Subject: Re: My thoughts on the "new development model"
Date: Thu, 28 Oct 2004 13:27:31 -0400 [thread overview]
Message-ID: <20041028172731.GB8220@thunk.org> (raw)
In-Reply-To: <41811AF2.2000503@comcast.net>
On Thu, Oct 28, 2004 at 12:14:42PM -0400, John Richard Moser wrote:
> I've already heard rumors (very few, and they've been squashed) of
> GrSecurity being abandoned. The authors of both PaX and Gr are both
> active, they're just spinning on 2.6.7.
>
> Do you see the scenario occuring here? Their project is obviously
> inferior in many peoples' minds because it's not the latest
> hot-off-the-LKML 2.6 kernel. Indeed, many security fixes in (soon to
> be) 2.6.10 aren't in 2.6.7, which could provide known ways to easily
> slip straight past PaX and Gr (I haven't done my research, but this is
> not a hollow scenario).
So the security people who are doing the security patches have two
choices.
(a) Keep up with the mainline kernel, and try to get their changes
merged into the mainline kernel.
(b) Backport the security patches into 2.6.7, or convince/pay someone
to do this work for them.
Well, I suppose the incessant whining on LKML might be considered an
ineffective way of trying to do (b), but fundamentally, it doesn't
address the this important question: Why should the mainline kernel
folks be asked to do extra work because the security people don't
want/care to get their code clean enough to be merged into mainline?
If they choose not to work towards merging their changes with
mainline, then they have to pay the price of an external patch, which
is constantly keeping up with a changing mainline, or creating their
own set of patch backports.
I'll note by the way that the distributions have chosen the latter for
their stable Enterprise kernels; so this is an honorable and viable
choice, although they do have paying customers to allow them to pay
the costs of doing the backporting, testing, and qualifying the
patches to their stable snapshot for Red Hat's RHEL and SuSE's SLES.
The difference seems to be that you don't want to pay for a supported
distribution's stable kernel, and you don't want to do the work
yourself. Instead you want to whine on LKML. Is that a fair summary
of the state of affairs?
- Ted
next prev parent reply other threads:[~2004-10-28 17:28 UTC|newest]
Thread overview: 115+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-10-26 5:40 My thoughts on the "new development model" Chuck Ebbert
2004-10-26 10:44 ` Ed Tomlinson
2004-10-26 11:09 ` Massimo Cetra
2004-10-26 12:08 ` Paolo Ciarrocchi
2004-10-26 19:03 ` Mathieu Segaud
2004-10-26 20:16 ` Let's make a small change to the process Paolo Ciarrocchi
2004-10-26 20:22 ` William Lee Irwin III
2004-10-26 20:26 ` Paolo Ciarrocchi
2004-10-26 20:33 ` William Lee Irwin III
2004-10-26 20:36 ` Dave Jones
2004-10-26 20:44 ` Paolo Ciarrocchi
2004-10-27 0:51 ` Jan Knutar
2004-10-26 20:48 ` John Richard Moser
2004-10-26 21:00 ` Paolo Ciarrocchi
2004-10-26 15:03 ` My thoughts on the "new development model" William Lee Irwin III
2004-10-26 21:19 ` Ed Tomlinson
2004-10-27 3:05 ` Marcos D. Marado Torres
2004-10-27 4:29 ` Rik van Riel
2004-10-27 5:13 ` Willy Tarreau
2004-10-27 5:23 ` William Lee Irwin III
2004-10-27 6:04 ` Willy Tarreau
2004-10-27 6:28 ` William Lee Irwin III
2004-10-27 6:50 ` Massimo Cetra
2004-10-27 6:56 ` William Lee Irwin III
2004-11-16 16:43 ` Bill Davidsen
2004-10-27 13:48 ` John Richard Moser
2004-10-27 14:57 ` Theodore Ts'o
2004-10-27 15:35 ` John Richard Moser
2004-10-27 19:46 ` Marcos D. Marado Torres
2004-10-27 21:08 ` John Richard Moser
2004-10-27 21:14 ` Rik van Riel
2004-10-27 17:55 ` William Lee Irwin III
2004-10-27 13:38 ` John Richard Moser
2004-10-27 5:25 ` John Richard Moser
2004-10-28 6:46 ` michael
2004-10-28 7:13 ` William Lee Irwin III
2004-10-28 7:28 ` Hacksaw
2004-10-29 21:30 ` Adrian Bunk
2004-10-28 7:57 ` Massimo Cetra
2004-10-28 16:14 ` John Richard Moser
2004-10-28 17:27 ` Theodore Ts'o [this message]
2004-10-28 23:19 ` michael
2004-10-29 0:02 ` John Richard Moser
2004-10-27 4:26 ` Rik van Riel
2004-11-16 16:18 ` Bill Davidsen
2004-10-26 12:37 ` Barry K. Nathan
2004-10-26 14:40 ` Espen Fjellvær Olsen
2004-10-26 14:28 ` William Lee Irwin III
2004-10-26 14:41 ` Gene Heskett
2004-10-26 14:24 ` William Lee Irwin III
2004-10-27 15:27 ` Alan Cox
-- strict thread matches above, loose matches on Subject: below --
2004-10-28 23:33 Chuck Ebbert
2004-10-28 23:53 ` William Lee Irwin III
2004-10-28 13:04 Chuck Ebbert
2004-10-28 13:15 ` Arjan van de Ven
2004-10-28 15:03 ` William Lee Irwin III
2004-10-28 15:07 ` William Lee Irwin III
2004-10-28 17:33 ` Alan Cox
2004-10-28 18:39 ` William Lee Irwin III
2004-10-29 13:19 ` Bill Davidsen
2004-10-29 17:49 ` William Lee Irwin III
2004-10-27 19:50 Chuck Ebbert
2004-10-27 21:40 ` Alan Cox
2004-10-28 2:59 ` Dmitry Torokhov
2004-10-28 10:16 ` Alan Cox
2004-10-27 0:00 Chuck Ebbert
2004-10-27 0:24 ` Dmitry Torokhov
2004-10-27 0:36 ` William Lee Irwin III
2004-10-27 0:36 ` William Lee Irwin III
2004-10-27 2:45 ` Marcos D. Marado Torres
2004-10-27 3:19 ` William Lee Irwin III
2004-10-27 2:47 ` Marcos D. Marado Torres
2004-10-26 16:32 Chuck Ebbert
2004-10-26 17:37 ` William Lee Irwin III
2004-10-26 15:54 Chuck Ebbert
2004-10-26 17:50 ` William Lee Irwin III
2004-10-22 20:03 My thoughts on the "new development model"(A bit late tho) Espen Fjellvær Olsen
2004-10-22 21:52 ` My thoughts on the "new development model" Espen Fjellvær Olsen
2004-10-22 22:12 ` Clemens Schwaighofer
2004-10-23 12:55 ` Bernd Petrovitsch
2004-10-24 3:04 ` Clemens Schwaighofer
2004-10-22 22:45 ` William Lee Irwin III
2004-10-22 22:50 ` Espen Fjellvær Olsen
2004-10-22 23:21 ` William Lee Irwin III
2004-10-23 0:41 ` Lee Revell
2004-10-22 22:57 ` Willy Tarreau
2004-10-23 0:09 ` William Lee Irwin III
2004-10-23 2:40 ` Lee Revell
2004-10-25 21:15 ` Bill Davidsen
2004-10-25 22:08 ` William Lee Irwin III
2004-10-26 16:12 ` Charles Shannon Hendrix
2004-10-26 16:53 ` Mark Nipper
2004-10-23 1:40 ` Adrian Bunk
2004-10-23 5:04 ` Greg KH
2004-10-26 1:07 ` Adrian Bunk
2004-10-23 5:52 ` Willy Tarreau
2004-10-23 14:18 ` William Lee Irwin III
2004-10-23 19:58 ` Kronos
2004-10-23 20:05 ` Espen Fjellvær Olsen
2004-10-22 22:58 ` Lee Revell
2004-10-22 23:21 ` Paul Fulghum
2004-10-22 23:43 ` William Lee Irwin III
2004-10-23 8:01 ` Boris Bukowski
2004-10-26 16:01 ` John Richard Moser
2004-10-26 16:44 ` John Richard Moser
2004-10-26 16:58 ` Hua Zhong
2004-10-26 18:53 ` Diego Calleja
2004-10-26 19:33 ` Paul Fulghum
2004-10-27 15:31 ` Alan Cox
2004-10-27 15:30 ` Alan Cox
2004-10-27 18:37 ` Hua Zhong
2004-10-27 21:39 ` Alan Cox
2004-10-27 16:59 ` Arjan van de Ven
2004-10-27 19:27 ` Marcos D. Marado Torres
2004-10-26 18:01 ` Stephen Hemminger
2004-10-26 18:38 ` John Richard Moser
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20041028172731.GB8220@thunk.org \
--to=tytso@mit.edu \
--cc=76306.1226@compuserve.com \
--cc=davidsen@tmr.com \
--cc=edt@aei.ca \
--cc=linux-kernel@vger.kernel.org \
--cc=marado@student.dei.uc.pt \
--cc=mcetra@navynet.it \
--cc=michael@optusnet.com.au \
--cc=nigelenki@comcast.net \
--cc=wli@holomorphy.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.