Date:	Tue, 15 Jul 2008 22:10:19 -0300
From:	Tiago Assumpcao <tiago@...umpcao.org>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
CC:	pageexec@...email.hu, Greg KH <greg@...ah.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel@...r.kernel.org, stable@...nel.org
Subject: Re: [stable] Linux 2.6.25.10

Linus Torvalds wrote:
> 
> Umm. And if the whole discussion was hidden from us on some private 
> vendor list, why should we then help track their hidden state?
> 
> That's what you claimed we should do, wasn't it?

How can I expect one to treat the unknown? If you are not aware of it, 
you do nothing. Whenever a software organization is informed of a 
problem in some product of their responsibility, they act upon it. On 
the contrary, no, I don't expect any magic from you. Thanks for 
bothering, though.

> 
>> Personally, I, too, have a major disgust for most crap seen in the so-called
>> info-sec world. I hand you my agreement on this one.
>> Except, it changes in nothing your responsibilities.
> 
> My responsibility is to do a good job. And not pander to the people who 
> want to turn security into a media circus.

And I thank you for that. No to the "security media circus".

> 
> Which is exactly what I'm doing. No media circus.
> 
> 		Linus
> 

Wrong. This is not "media circus".
Whoever reads this thread with the basic understanding of software 
development procedures, the reality of information security and with 
legit judgment will clearly understand what you are doing and what 
"pageexec" and I claim for. Further, I claim for decency from your part.

All I ask for is to receive the "There are updates available." message 
as soon as one security problem is reported, understood and treated by 
your development part. And that is, as soon as possible, if you please.
Plus, if one bothers, to be able to know the exact location of this bug 
and its characteristics.

However, for these to happen, we need your collaboration. Or, with two 
words, your responsibility.


Thanks,
--t
