lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20080704221847.GA3761@master.roath.intern>
Date:	Sat, 5 Jul 2008 00:18:48 +0200
From:	sroas@...th.org (Stefan Roas)
To:	linux-kernel@...r.kernel.org
Subject: Re: Linux 2.6.25.10

On Thu Jul 03, 2008 at 16:42:01, Chris Rankin wrote:
> > Again, if the above information is somehow insufficient as to what
> > exactly is fixed in the -stable releases, and anyone has questions about
> > how these release announcements are created, please let me know.
> 
> Well, for example:
> 
> I have only machines with 32 bit CPUS, none of them is hot-pluggable and none has an i915 graphics chip. All my local users are "trusted", nor am I running any multi-threaded Java applications on SMP systems. (I also have no idea what ICM pages are, but they sound jolly impressive!)
> 
> And what is "native_read_tscp" all about?

To some degree I can understand that you are not sure of whether you are
affected or not. On the other hand you should probably be, when running
your own kernels on a productive system. After all there seems to be a
general agreement that distribution vendors take care of the stabilization
and bug fixing of their particular kernels. As far as I am
concerned, I'm grateful that there are these stable releases at all and I very
much consider it additional work for everyone in the release team. To that
end it should be your task to check whether the update affects you or not.

After all the releases are publicly announced on probably the busiest
mailing list on earth. That offers anyone the chance to add additional
information to the releases (there has been a discussion recently about
security implications that weren't mentioned in the announcement. Just
replying to the announcement will add the needed information, and as the
discussion showed, people actually do add information).

To sum all the above up: IMHO the announcements are great, the work of the
stable team is great and I wouldn't really want to push more work on the
people that voluntarily spend their time on this branch by explaining every
detail of every patch.

Just my 2 cents.

Best regards,
  Stefan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ