Full Disclosure
mailing list archives
Re: Port Randomization: New revision of our IETF Internet-Draft
From: Pavel Labushev <p.labushev () gmail com>
Date: Tue, 02 Sep 2008 17:17:43 +0800
Valdis.Kletnieks () vt edu wrote:
> On Mon, 01 Sep 2008 15:51:35 CDT, rholgstad said:
>> Linus doesn't care about security
> No, he actually *does* care about security - he's just of the opinion
> that security fixes don't automatically rate a 'ZOMG! PWNED!' flag on
> them like certain *BSD variants think. He thinks that sticking a big

Linus is not a security expert. Not even close. He's not educated and
not experienced enough to make security decisions, but he does. That's
the problem. He cares somehow, but he's wrong.

> SECURITY PATCH tag on a fix tends to make people cherry-pick and install
> just those fixes - even though the patch they *didn't* install that
> fixes a system crash or a silent data corruption is actually more critical.

"SECURITY PATCH tag on a fix" helps me to know that there is a problem
and I must consider the patch, check its correctness and maybe
test/backport/apply it to my production systems ASAP. Just as other
tags help me to know that there are reliability and other issues I
must care about.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/