mailing list archives
Re: Port Randomization: New revision of our IETF Internet-Draft
From: Pavel Labushev <p.labushev () gmail com>
Date: Tue, 02 Sep 2008 17:17:43 +0800
Valdis.Kletnieks () vt edu ?????:
On Mon, 01 Sep 2008 15:51:35 CDT, rholgstad said:
Linus doesn't care about security
No, he actually *does* care about security - he's just pf the opinion
that security fixes don't automatically rate a 'ZOMG! PWNED!' flag on
them like certain *BSD variants think. He thinks that sticking a big
Linus is not a security expert. Not even close. He's not educated and
not experienced enough to make security decisions, but he does. That's
the problem. He cares somehow, but he's wrong.
SECURITY PATCH tag on a fix tends to make people cherry-pick and install
just those fixes - even though the patch they *didn't* install that
fixes a system crash or a silent data corruption is actually more critical.
"SECURITY PATCH tag on a fix" helps me to know that there is the problem
and I must consider the patch, check its correctness and maybe
test/backport/apply it to my production systems ASAP. Just as another
tags helps me to know that there are realiability and other issues I
must care about.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Message not available