From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from relay.sgi.com (relay1.corp.sgi.com [137.38.102.111]) by oss.sgi.com (Postfix) with ESMTP id B0CA27FC4 for ; Tue, 10 Dec 2013 20:00:24 -0600 (CST) Received: from cuda.sgi.com (cuda3.sgi.com [192.48.176.15]) by relay1.corp.sgi.com (Postfix) with ESMTP id 988138F8049 for ; Tue, 10 Dec 2013 18:00:24 -0800 (PST) Received: from ipmail04.adl6.internode.on.net (ipmail04.adl6.internode.on.net [150.101.137.141]) by cuda.sgi.com with ESMTP id b2JnNChDMBa8uJkF for ; Tue, 10 Dec 2013 18:00:23 -0800 (PST) Date: Wed, 11 Dec 2013 13:00:07 +1100 From: Dave Chinner Subject: Re: XFS security fix never sent to -stable? Message-ID: <20131211020007.GH10988@dastard> References: <20131209121534.GE4278@hercules> <20131209235523.GW31386@dastard> <20131211010326.GF10988@dastard> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: List-Id: XFS Filesystem from SGI List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: xfs-bounces@oss.sgi.com Sender: xfs-bounces@oss.sgi.com To: Josh Boyer Cc: Luis Henriques , Greg KH , Brian Foster , Kees Cook , Dwight Engen , LKML , "stable@vger.kernel.org" , xfs@oss.sgi.com, Ben Myers , Gao feng , Dave Chinner On Tue, Dec 10, 2013 at 08:10:51PM -0500, Josh Boyer wrote: > On Tue, Dec 10, 2013 at 8:03 PM, Dave Chinner wrote: > > Security processes are not something that should be hidden away in > > it's own private corner - if there's a problem upstream needs to > > take action on, then direct contact with upstream is necessary. We > > need to know about security issues - even ones that are classified > > post-commit as security issues - so we are operating with full > > knowledge of the issues in our code and the impact of our fixes.... > > Agreed. I'm going to interpret your comments at being directed to the > general audience because otherwise you're just shooting the messenger > :). Right, they are not aimed at you - they are aimed at those on the security side of the fence. I'm tired of learning about CVEs in XFS code through chinese whispers and/or luck. Cheers, Dave. -- Dave Chinner david@fromorbit.com _______________________________________________ xfs mailing list xfs@oss.sgi.com http://oss.sgi.com/mailman/listinfo/xfs From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751544Ab3LKCA0 (ORCPT ); Tue, 10 Dec 2013 21:00:26 -0500 Received: from ipmail04.adl6.internode.on.net ([150.101.137.141]:36877 "EHLO ipmail04.adl6.internode.on.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750960Ab3LKCAY (ORCPT ); Tue, 10 Dec 2013 21:00:24 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Ar8IAOfGp1J5LHyk/2dsb2JhbABZgweDOLElhU+BHxd0giUBAQU6HBcMEAgDDgoJJQ8FJQMhE4gBwUsXFo5vB4Q0BJgTkhSDPSg Date: Wed, 11 Dec 2013 13:00:07 +1100 From: Dave Chinner To: Josh Boyer Cc: Luis Henriques , Kees Cook , Dwight Engen , LKML , Brian Foster , Dave Chinner , Gao feng , Ben Myers , Greg KH , xfs@oss.sgi.com, "stable@vger.kernel.org" Subject: Re: XFS security fix never sent to -stable? Message-ID: <20131211020007.GH10988@dastard> References: <20131209121534.GE4278@hercules> <20131209235523.GW31386@dastard> <20131211010326.GF10988@dastard> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Dec 10, 2013 at 08:10:51PM -0500, Josh Boyer wrote: > On Tue, Dec 10, 2013 at 8:03 PM, Dave Chinner wrote: > > Security processes are not something that should be hidden away in > > it's own private corner - if there's a problem upstream needs to > > take action on, then direct contact with upstream is necessary. We > > need to know about security issues - even ones that are classified > > post-commit as security issues - so we are operating with full > > knowledge of the issues in our code and the impact of our fixes.... > > Agreed. I'm going to interpret your comments at being directed to the > general audience because otherwise you're just shooting the messenger > :). Right, they are not aimed at you - they are aimed at those on the security side of the fence. I'm tired of learning about CVEs in XFS code through chinese whispers and/or luck. Cheers, Dave. -- Dave Chinner david@fromorbit.com