Full Disclosure mailing list archives
Re: Port Randomization: New revision of our IETF Internet-Draft
From: Pavel Labushev <p.labushev () gmail com>
Date: Tue, 02 Sep 2008 17:17:43 +0800
Valdis.Kletnieks () vt edu ?????:
On Mon, 01 Sep 2008 15:51:35 CDT, rholgstad said:Linus doesn't care about securityNo, he actually *does* care about security - he's just pf the opinion that security fixes don't automatically rate a 'ZOMG! PWNED!' flag on them like certain *BSD variants think. He thinks that sticking a big
Linus is not a security expert. Not even close. He's not educated and not experienced enough to make security decisions, but he does. That's the problem. He cares somehow, but he's wrong.
SECURITY PATCH tag on a fix tends to make people cherry-pick and install just those fixes - even though the patch they *didn't* install that fixes a system crash or a silent data corruption is actually more critical.
"SECURITY PATCH tag on a fix" helps me to know that there is the problem and I must consider the patch, check its correctness and maybe test/backport/apply it to my production systems ASAP. Just as another tags helps me to know that there are realiability and other issues I must care about. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Port Randomization: New revision of our IETF Internet-Draft coderman (Sep 01)
- Re: Port Randomization: New revision of our IETF Internet-Draft Valdis . Kletnieks (Sep 01)
- Re: Port Randomization: New revision of our IETF Internet-Draft rholgstad (Sep 01)
- Re: Port Randomization: New revision of our IETF Internet-Draft Valdis . Kletnieks (Sep 01)
- Re: Port Randomization: New revision of our IETF Internet-Draft Pavel Labushev (Sep 02)
- Re: Port Randomization: New revision of our IETF Internet-Draft Valdis . Kletnieks (Sep 02)
- Re: Port Randomization: New revision of our IETF Internet-Draft Pavel Labushev (Sep 02)
- Re: Port Randomization: New revision of our IETF Internet-Draft rholgstad (Sep 01)
- Re: Port Randomization: New revision of our IETF Internet-Draft Valdis . Kletnieks (Sep 01)
- Re: Port Randomization: New revision of our IETF Internet-Draft Fernando Gont (Sep 02)
- Re: Port Randomization: New revision of our IETF Internet-Draft coderman (Sep 02)
- Message not available
- Re: Port Randomization: New revision of our IETF Internet-Draft Fernando Gont (Sep 02)