lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20080716.033112.193697209.davem@davemloft.net>
Date:	Wed, 16 Jul 2008 03:31:12 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	pageexec@...email.hu
Cc:	tiago@...umpcao.org, torvalds@...ux-foundation.org, greg@...ah.com,
	akpm@...ux-foundation.org, linux-kernel@...r.kernel.org,
	stable@...nel.org
Subject: Re: [stable] Linux 2.6.25.10

From: pageexec@...email.hu
Date: Wed, 16 Jul 2008 12:23:50 +0200

> On 16 Jul 2008 at 3:08, David Miller wrote:
> 
> > IOW, when we fix security issues, it's simply not even appropriate or 
> > relevant to you.
> 
> i'll ask again: why aren't security fixes that you fix relevant to users
> of older kernels (as that's what the topic was)?

Backporting any fix to older kernels is a chore, the further back you
go, the harder and less fun it is.

The tipping point is really quick to where someone hacking the kernel
for fun simply isn't going to do it, nor should they be expected to.

That's why people who want a stable supported kernel with fixes
constantly backported have grown accustomed to paying for that service.

And to me that is entirely reasonable.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ