From: Tiago Assumpcao <tiago@assumpcao.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: pageexec@freemail.hu, Greg KH <greg@kroah.com>,
Andrew Morton <akpm@linux-foundation.org>,
linux-kernel@vger.kernel.org, stable@kernel.org
Subject: Re: [stable] Linux 2.6.25.10
Date: Tue, 15 Jul 2008 21:38:25 -0300 [thread overview]
Message-ID: <487D4301.5080609@assumpcao.org> (raw)
In-Reply-To: <alpine.LFD.1.10.0807151707450.2867@woody.linux-foundation.org>
Linus Torvalds wrote:
>
> On Tue, 15 Jul 2008, Tiago Assumpcao wrote:
>> However, as I previously explained [http://lkml.org/lkml/2008/7/15/654],
>> security issues are identified and communicated through what can be a long and
>> complicated (due to DNAs, etc.) process. If it culminates at implementation,
>> without proper information forwarding from the development team, it will never
>> reach the "upper layers" -- vendors, distributors, end users, et al.
>
> Umm. That shouldn't be our worry.
Yeah, at this point, it is clear to the world. No needs for repeated
wording ;)
> If others had a long and involved (and broken) process, they should be the ones that track the fixes too. We
> weren't involved, we didn't see that, we simply _cannot_ care.
You weren't involved? Hold on, aren't you the developers, thence, those
who commit mistakes, a.k.a the bug inducing point?
>
>> Therefore, yes, it is of major importance that you people, too, buy the
>> problem and support the process as a whole. Otherwise... well, otherwise,
>> we're back to where we started, 20 years ago. Good luck Linux users.
>
> Umm. What was wrong with 20 years ago exactly?
What was wrong for the computer theoretic people about 100 years ago?
Lack of development? Not sure. Perhaps the same that existed for
information security 20 years ago. Just perhaps.
I apologize for assuming you hold such information, anyway.
>
> Are you talking about all the wonderful work that the DNS people did for
> that new bug, and how they are heroes for synchronizing a fix and keeping
> it all under wraps?
>
> And isn't that the same bug that djb talked about and fixed in djbdns from
> the start? Which he did about ten YEARS ago?
Are you trying to justify your irresponsibly indulgent act towards the
operating system that my mother is likely to use with one alone
exception? Because it rains umbrellas are a waste of time?
>
> Excuse me for not exactly being a huge fan of "security lists" and best
> practices. They seem to be _entirely_ be based on PR and how much you can
> talk up a specific bug. No thank you,
>
> Linus
Personally, I, too, have a major disgust for most crap seen in the so
called info-sec world. I hand you my agreement on this one.
Except, it changes in nothing your responsibilities.
Take good care,
--t
next prev parent reply other threads:[~2008-07-16 0:40 UTC|newest]
Thread overview: 92+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-07-03 3:58 Linux 2.6.25.10 Greg KH
2008-07-03 3:58 ` Greg KH
2008-07-03 17:08 ` Bart Van Assche
2008-07-03 17:29 ` Greg KH
2008-07-03 18:57 ` Greg KH
2008-07-03 19:31 ` pageexec
2008-07-14 12:04 ` [stable] " Greg KH
2008-07-15 2:14 ` pageexec
2008-07-15 2:27 ` Linus Torvalds
2008-07-15 15:31 ` pageexec
2008-07-15 16:07 ` Linus Torvalds
2008-07-15 16:13 ` Linus Torvalds
2008-07-17 21:08 ` Aidan Thornton
2008-07-15 19:03 ` pageexec
2008-07-15 19:16 ` Linus Torvalds
[not found] ` <487D20EC.26203.1BD1E5C5@pageexec.freemail.hu>
2008-07-15 20:18 ` Linus Torvalds
2008-07-15 20:23 ` pageexec
2008-07-15 20:42 ` Linus Torvalds
2008-07-15 21:18 ` pageexec
2008-07-15 21:26 ` Linus Torvalds
2008-07-15 22:08 ` pageexec
2008-07-15 23:28 ` Linus Torvalds
2008-07-16 0:00 ` Tiago Assumpcao
2008-07-16 0:16 ` Linus Torvalds
2008-07-16 0:38 ` Tiago Assumpcao [this message]
2008-07-16 0:51 ` Linus Torvalds
2008-07-16 1:10 ` Tiago Assumpcao
2008-07-16 1:41 ` Linus Torvalds
2008-07-16 2:24 ` Tiago Assumpcao
2008-07-16 3:11 ` Theodore Tso
2008-07-16 9:49 ` pageexec
2008-07-16 10:08 ` David Miller
2008-07-16 10:23 ` pageexec
2008-07-16 10:31 ` David Miller
2008-07-16 10:51 ` pageexec
2008-07-16 11:04 ` David Miller
2008-07-16 11:52 ` pageexec
2008-07-16 3:13 ` Greg KH
2008-07-16 9:01 ` pageexec
2008-07-16 9:35 ` Gabor Gombas
2008-07-16 10:04 ` pageexec
2008-07-16 14:43 ` Greg KH
2008-07-16 15:43 ` pageexec
2008-07-16 16:29 ` Greg KH
2008-07-16 17:25 ` pageexec
2008-07-16 18:08 ` Theodore Tso
2008-07-16 19:09 ` pageexec
2008-07-17 3:43 ` Mike Galbraith
2008-07-16 1:08 ` Theodore Tso
2008-07-16 1:30 ` pageexec
2008-07-16 1:53 ` Tiago Assumpcao
2008-07-16 2:02 ` Linus Torvalds
2008-07-16 2:36 ` Tiago Assumpcao
2008-07-16 4:07 ` Linus Torvalds
2008-07-16 4:16 ` Tiago Assumpcao
2008-07-16 3:27 ` Casey Schaufler
2008-07-16 4:13 ` Tiago Assumpcao
2008-07-16 4:21 ` Linus Torvalds
2008-07-16 5:02 ` Tiago Assumpcao
2008-07-16 5:13 ` Linus Torvalds
2008-07-16 5:26 ` Casey Schaufler
2008-07-16 9:33 ` pageexec
2008-07-16 13:21 ` Theodore Tso
2008-07-16 15:16 ` pageexec
2008-07-16 0:04 ` pageexec
2008-07-16 0:24 ` Linus Torvalds
2008-07-16 0:56 ` pageexec
2008-07-16 1:08 ` Linus Torvalds
2008-07-16 1:23 ` pageexec
2008-07-17 7:19 ` Rafael C. de Almeida
2008-07-17 7:59 ` pageexec
2008-07-17 4:21 ` Phil Pell
2008-07-15 18:33 ` Theodore Tso
2008-07-15 20:28 ` pageexec
2008-07-15 22:39 ` Greg KH
2008-07-15 22:47 ` David Miller
2008-07-15 23:08 ` Tiago Assumpcao
2008-07-15 23:21 ` David Miller
2008-07-15 23:26 ` pageexec
2008-07-15 23:26 ` Tiago Assumpcao
2008-07-15 23:22 ` pageexec
2008-07-15 23:35 ` David Miller
2008-07-15 23:09 ` pageexec
2008-07-15 20:15 ` Tiago Assumpcao
2008-07-20 1:13 ` Bernd Eckenfels
2008-07-15 23:34 ` Tiago Assumpcao
2008-07-19 0:47 ` David Schwartz
2008-07-19 1:01 ` david
2008-07-19 1:51 ` David Schwartz
2008-07-19 5:41 ` Willy Tarreau
2008-07-05 7:54 ` Bart Van Assche
2008-07-08 4:12 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=487D4301.5080609@assumpcao.org \
--to=tiago@assumpcao.org \
--cc=akpm@linux-foundation.org \
--cc=greg@kroah.com \
--cc=linux-kernel@vger.kernel.org \
--cc=pageexec@freemail.hu \
--cc=stable@kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox