lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 21 Oct 2008 20:41:24 -0400
From:	Valdis.Kletnieks@...edu
To:	Alex Howells <alex@...emark.co.uk>
Cc:	Greg KH <greg@...ah.com>,
	Alexandre Oliva <oliva@....ic.unicamp.br>,
	"H. Peter Anvin" <hpa@...nel.org>,
	Alan Cox <alan@...rguk.ukuu.org.uk>,
	Adrian Bunk <bunk@...nel.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	linux-kernel@...r.kernel.org
Subject: Re: [RFC] Kernel version numbering scheme change

On Tue, 21 Oct 2008 20:52:02 BST, Alex Howells said:
> Requirements for me to put a kernel on a given server would be:

>     *  supports the hardware
The problem is that "supports" is often a fuzzy jello-like substance you
try to nail to a tree.  You mention the R8169 and e1000 drivers - if they
bring the device up, but have issues under corner cases, is that "supports"
or not?

>     *  no security holes [in options I enable]
Similarly for "no security holes".  At *BEST*, you'll get "no *known* *major*
security holes", unless you feel like auditing the entire source tree.  There's
a whole slew of bugs that we can't even agree if they *are* security bugs or
just plain bugs - see Linus's rant on the subject a few months back.

>     *  works reliably, under load/stress.
And you win the trifecta - I don't think we've *ever* shipped a Linux kernel
that worked reliably under the proper "beat on the scheduler/VM corner case"
load/stress testing.  Again, the best you can hope for is "doesn't fall over
under non-pathological non-corner-case loads when sufficient resources are
available so the kernel has a fighting chance".  Doing 'make -j100' on a
single Core2 Duo is gonna be painful, no matter what.


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ