From: Alan Cox <alan@redhat.com>
To: "Rodrigo Rubira Branco (BSDaemon)" <rbranco@LA.CHECKPOINT.COM>
Cc: Greg KH <gregkh@suse.de>,
linux-kernel@vger.kernel.org, stable@kernel.org, greg@kroah.com,
"'Justin Forbes'" <jmforbes@linuxtx.org>,
"'Zwane Mwaikambo'" <zwane@arm.linux.org.uk>,
"'Theodore Ts'o'" <tytso@mit.edu>,
"'Randy Dunlap'" <rdunlap@xenotime.net>,
"'Dave Jones'" <davej@redhat.com>,
"'Chuck Wolber'" <chuckw@quantumlinux.com>,
"'Chris Wedgwood'" <reviews@ml.cw.f00f.org>,
"'Michael Krufky'" <mkrufky@linuxtv.org>,
"'Chuck Ebbert'" <cebbert@redhat.com>,
"'Domenico Andreoli'" <cavokz@gmail.com>,
"'Willy Tarreau'" <w@1wt.eu>,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, "'Alan Cox'" <alan@redhat.com>,
caglar@pardus.org.tr, casey@schaufler-ca.com,
spender@grsecurity.net, pageexec@freemail.hu,
rodrigo@kernelhacking.com
Subject: Re: [stable] Linux 2.6.25.10 (resume)
Date: Sat, 19 Jul 2008 06:11:40 -0400
Message-ID: <20080719101140.GB20802@devserv.devel.redhat.com>
In-Reply-To: <4880A3B1.3050103@la.checkpoint.com>
> @@ -1,7 +1,7 @@
> -Linux kernel developers take security very seriously. As such, we'd
> -like to know when a security bug is found so that it can be fixed and
> -disclosed as quickly as possible. Please report security bugs to the
> -Linux kernel security team.
> +Linux kernel developers take security very seriously, in exactly the
> +same way we do with any other bugs. As such, we'd like to know when
> +a security bug is found so that it can be fixed as soon as possible.
> +Please report security bugs to the Linux kernel security team.
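
Review bot: the rewritten second sentence drops "and disclosed" from "fixed and disclosed as quickly as possible", so the document no longer says whether or when a reported bug gets disclosed. If that is intended, state it explicitly and define what "disclosed" covers; otherwise keep the word. The added clause "in exactly the same way we do with any other bugs" also needs a sentence on what then differs, since the same paragraph still directs reports to a separate security team.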

NAK this. If the fix is not clear and the bug not too serious it is better
to disclose it than fail to fix it. The security team does not usually fix the
bugs, the experts in the various bits of code do.

> -Any exploit code is very helpful and will not be released without
> -consent from the reporter unless it has already been made public.
> +Any exploit code is very helpful and will not be released.
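
Review bot: the replacement line removes both conditions from the original sentence, "without consent from the reporter" and "unless it has already been made public", leaving an unconditional promise. As written it would bar sharing exploit code that is already public or that the reporter agrees to release; keep the two exceptions, or state who is bound by the promise.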

NAK this too. If someone releases an exploit publicly or it leaks we
want to be able to freely share it too. Your proposal would mean any but
those dumb enough to agree to this could share it. That is why the unless made
public is part of every generic NDA document on the planet.

The rest needs Linus to return from holiday for discussion and that'll
be a week or two. In the meantime you might want to define "disclose" as
I don't think we all agree on what it means as you've not defined who is and
isn't the linux security team and/or its helpers.