Full Disclosure mailing list archives

Re: Port Randomization: New revision of our IETF Internet-Draft


From: Pavel Labushev <p.labushev () gmail com>
Date: Tue, 02 Sep 2008 17:17:43 +0800

Valdis.Kletnieks () vt edu wrote:
> On Mon, 01 Sep 2008 15:51:35 CDT, rholgstad said:
>> Linus doesn't care about security
>
> No, he actually *does* care about security - he's just of the opinion
> that security fixes don't automatically rate a 'ZOMG! PWNED!' flag on
> them like certain *BSD variants think.  He thinks that sticking a big

Linus is not a security expert. Not even close. He's not educated and 
not experienced enough to make security decisions, but he does. That's 
the problem. He cares somehow, but he's wrong.

> SECURITY PATCH tag on a fix tends to make people cherry-pick and install
> just those fixes - even though the patch they *didn't* install that
> fixes a system crash or a silent data corruption is actually more critical.

"SECURITY PATCH tag on a fix" helps me to know that there is the problem 
and I must consider the patch, check its correctness and maybe 
test/backport/apply it to my production systems ASAP. Just as other 
tags help me to know that there are reliability and other issues I 
must care about.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

