| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Oct 2017 21:02:29 +0200
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: James Morris <james.l.morris@...cle.com>
Cc: John Johansen <john.johansen@...onical.com>,
James Bottomley <James.Bottomley@...senpartnership.com>,
Thorsten Leemhuis <regressions@...mhuis.info>,
Vlastimil Babka <vbabka@...e.cz>,
Seth Arnold <seth.arnold@...onical.com>,
linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: regression in 4.14-rc2 caused by apparmor: add base infastructure
for socket mediation
On Thu, Oct 26, 2017 at 8:54 PM, James Morris <james.l.morris@...cle.com> wrote:
> On Thu, 26 Oct 2017, Linus Torvalds wrote:
>
>> I'm *very* unhappy with the security layer as is
>
> What are you unhappy with?
We had two big _fundamental_ problems this merge window:
- untested code that clearly didn't do what it claimed it did, and
which caused me to not even accept the main pull request
- apparmor code that had a regression, where it took three weeks for
that regression to be escalated to me simply because the developer was
denying the regression.
Tell me why I *shouldn't* be unhappy with the security layer?
I shouldn't be in the situation where I start reviewing the code and
go "that can't be right".
And I *definitely* shouldn't be in the situation where I need to come
in three weeks later and tell people what a regression is!
Linus
Powered by blists - more mailing lists