lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 26 Oct 2017 21:02:29 +0200
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     James Morris <james.l.morris@...cle.com>
Cc:     John Johansen <john.johansen@...onical.com>,
        James Bottomley <James.Bottomley@...senpartnership.com>,
        Thorsten Leemhuis <regressions@...mhuis.info>,
        Vlastimil Babka <vbabka@...e.cz>,
        Seth Arnold <seth.arnold@...onical.com>,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: regression in 4.14-rc2 caused by apparmor: add base infastructure
 for socket mediation

On Thu, Oct 26, 2017 at 8:54 PM, James Morris <james.l.morris@...cle.com> wrote:
> On Thu, 26 Oct 2017, Linus Torvalds wrote:
>
>> I'm *very* unhappy with the security layer as is
>
> What are you unhappy with?

We had two big _fundamental_ problems this merge window:

 - untested code that clearly didn't do what it claimed it did, and
which caused me to not even accept the main pull request

 - apparmor code that had a regression, where it took three weeks for
that regression to be escalated to me simply because the developer was
denying the regression.

Tell me why I *shouldn't* be unhappy with the security layer?

I shouldn't be in the situation where I start reviewing the code and
go "that can't be right".

And I *definitely* shouldn't be in the situation where I need to come
in three weeks later and tell people what a regression is!

             Linus

Powered by blists - more mailing lists