oss-sec mailing list archives
Re: Vendor-sec hosting and future of closed lists
From: Greg KH <greg () kroah com>
Date: Thu, 3 Mar 2011 17:59:08 -0800
On Thu, Mar 03, 2011 at 08:11:00PM -0500, Michael Gilbert wrote:
> On Thu, 3 Mar 2011 16:41:07 -0800 Greg KH wrote:
> > On Thu, Mar 03, 2011 at 07:26:21PM -0500, Dan Rosenberg wrote:
> > > Of course failing to anticipate security impact is bound to happen in the kernel; it frequently happens in userland too, and is unavoidable. That doesn't mean we can't try, and it doesn't mean we should be overly paranoid and have security folks manually audit every patch.
> > >
> > > Currently, maintainers and bug reporters are expected to ask themselves a simple question when deciding whether or not to CC stable: "does this fix a bug or security issue, or is it a new feature?". Similarly, I don't think it's too much to ask for people to consider the question of "does this bug allow an unprivileged user to crash the system, gain additional access, or otherwise cross privilege boundaries?" And if the answer is "I don't know, maybe?", then they should CC this list to be safe. I think this would result in not nearly as much volume as you're anticipating.
> >
> > They do this already today, that's what security () kernel org is for, and it gets a bit of traffic like this every week.
>
> Is this list open to the public? It doesn't seem to be available on http://vger.kernel.org/vger-lists.html.

No, it is closed, as it should be as potential security problems are mailed there. You don't want that to be totally open, right?

thanks,

greg k-h