lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080716093500.GC11485@boogie.lpds.sztaki.hu>
Date:	Wed, 16 Jul 2008 11:35:00 +0200
From:	Gabor Gombas <gombasg@...aki.hu>
To:	pageexec@...email.hu
Cc:	Tiago Assumpcao <tiago@...umpcao.org>, Greg KH <greg@...ah.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel@...r.kernel.org, stable@...nel.org
Subject: Re: [stable] Linux 2.6.25.10

On Wed, Jul 16, 2008 at 11:01:51AM +0200, pageexec@...email.hu wrote:

> very good example of how you actually do *not* do what you claim. find me
> the word 'security' in your announcement. it's not there. amazing, isn't it.
> despite what your fellow -stable maintainer claimed *he* would at least do
> (and regularly tries to do so in fact). despite what you yourself did on
> other occasions (remember 2.6.23.8?). what's wrong with you Greg? have you
> not been told and proven to cover up security bugs enough times already?

Huh? Have you read the announcement? If one do not understand from the
wording that this _is_ a security fix then he/she is stupid beyond hope.

And I see that the biggest difference between you and the kernel
developers: the kernel developers want you to _think_ whether that
particular patch is important for you or not. You on the other hand want
to be able to mindlessly apply patches marked as "security fix" without
any consideration about how all the other unfixed bugs can bite you.

Gabor

-- 
     ---------------------------------------------------------
     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences
     ---------------------------------------------------------
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ