lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1217982329.27684.214.camel@localhost.localdomain>
Date:	Tue, 05 Aug 2008 20:25:29 -0400
From:	Eric Paris <eparis@...hat.com>
To:	Greg KH <greg@...ah.com>
Cc:	Al Viro <viro@...IV.linux.org.uk>,
	"Press, Jonathan" <Jonathan.Press@...com>,
	Theodore Tso <tytso@....edu>,
	Arjan van de Ven <arjan@...radead.org>,
	linux-kernel@...r.kernel.org, malware-list@...ts.printk.net,
	linux-security-module@...r.kernel.org
Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro
	toalinuxinterfaceforonaccess scanning

On Tue, 2008-08-05 at 17:11 -0700, Greg KH wrote:
> On Tue, Aug 05, 2008 at 07:48:52PM -0400, Eric Paris wrote:
> > On Wed, 2008-08-06 at 00:37 +0100, Al Viro wrote:
> > > On Tue, Aug 05, 2008 at 03:26:38PM -0700, Greg KH wrote:
> > > > On Tue, Aug 05, 2008 at 06:12:34PM -0400, Press, Jonathan wrote:
> > > > > Sorry for the top-post... but I give up.
> > > > >  
> > > > > I don't think I'm stupid, but frankly I don't understand the point of
> > > > > the questions being asked in the last three responses to my statement.
> > > > > I don't know why they are relevant, and I don't know how to answer
> > > > > them in a framework that we can all understand at the same time.
> > > 
> > > Excuse me?  One of those questions had been a very specific yes-or-no one
> > > and I certainly hope that we all can understand either answer to such...
> > > 
> > > For the record, the question is
> > > 
> > > "Do you or do you not expect the malware to be active on scanning host?"
> > 
> > I do believe for a number of AV vendors the answer is yes.  I will try
> > to have some offline conversations with the right people at a number of
> > vendors and work to better define the threats that they wish to or
> > believe they are able to help mitigate.
> 
> This is troubling to me.  Why "offline conversations"?  Why are you
> being forced to be the mediator here?  Why will these companies not
> contribute directly to the development of this code/model in public,
> like all other major Linux kernel contributions?

I'm going to be trying to get them to talk offline because obviously few
people from the AV industry are stepping up online.  I'm told we'll be
hearing from Sophos tomorrow and hopefully they will have read all of
today chatter and will form a coherent position.

> Isn't this the point of the malware-list in the first place?

Yes it is, hopefully if we can move parts of this conversation to
malware list the AV vendors will feel a bit less like this is an us
against them proposition and more like a collaborative effort.  From my
point of view I'd have to say that everyone has been refreshingly
polite   :)

> For them to hide behind _anyone_ seems very suspect.

I don't think its hiding, I'm attempting to bring these companies who
just don't understand how to work in public after years of building
walls along at a reasonable pace so noone feels they have to give up or
that finding a real solution is an impossible task.

-Eric

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ