From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Wed, 11 Dec 2013 13:00:07 +1100 From: Dave Chinner To: Josh Boyer Cc: Luis Henriques , Kees Cook , Dwight Engen , LKML , Brian Foster , Dave Chinner , Gao feng , Ben Myers , Greg KH , xfs@oss.sgi.com, "stable@vger.kernel.org" Subject: Re: XFS security fix never sent to -stable? Message-ID: <20131211020007.GH10988@dastard> References: <20131209121534.GE4278@hercules> <20131209235523.GW31386@dastard> <20131211010326.GF10988@dastard> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org List-ID: On Tue, Dec 10, 2013 at 08:10:51PM -0500, Josh Boyer wrote: > On Tue, Dec 10, 2013 at 8:03 PM, Dave Chinner wrote: > > Security processes are not something that should be hidden away in > > it's own private corner - if there's a problem upstream needs to > > take action on, then direct contact with upstream is necessary. We > > need to know about security issues - even ones that are classified > > post-commit as security issues - so we are operating with full > > knowledge of the issues in our code and the impact of our fixes.... > > Agreed. I'm going to interpret your comments at being directed to the > general audience because otherwise you're just shooting the messenger > :). Right, they are not aimed at you - they are aimed at those on the security side of the fence. I'm tired of learning about CVEs in XFS code through chinese whispers and/or luck. Cheers, Dave. -- Dave Chinner david@fromorbit.com