lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20080716.040447.249346237.davem@davemloft.net>
Date:	Wed, 16 Jul 2008 04:04:47 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	pageexec@...email.hu
Cc:	tiago@...umpcao.org, torvalds@...ux-foundation.org, greg@...ah.com,
	akpm@...ux-foundation.org, linux-kernel@...r.kernel.org,
	stable@...nel.org
Subject: Re: [stable] Linux 2.6.25.10

From: pageexec@...email.hu
Date: Wed, 16 Jul 2008 12:51:31 +0200

> On 16 Jul 2008 at 3:31, David Miller wrote:
> 
> > From: pageexec@...email.hu
> > Date: Wed, 16 Jul 2008 12:23:50 +0200
> > 
> > > On 16 Jul 2008 at 3:08, David Miller wrote:
> > > 
> > > > IOW, when we fix security issues, it's simply not even appropriate or 
> > > > relevant to you.
> > > 
> > > i'll ask again: why aren't security fixes that you fix relevant to users
> > > of older kernels (as that's what the topic was)?
> > 
> > Backporting any fix to older kernels is a chore, the further back you
> > go, the harder and less fun it is.
 ...
> > The tipping point is really quick to where someone hacking the kernel
> > for fun simply isn't going to do it, nor should they be expected to.
> > 
> > That's why people who want a stable supported kernel with fixes
> > constantly backported have grown accustomed to paying for that service.
> 
> and how does that imply that you should not mark security fixes as such?

You asked me why fixes are not relevant to users of older upstream
non-dist kernels.  And I answered that question.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ