Re: thoughts on kernel security issues

[Jesper Juhl]

On Wed, 12 Jan 2005, Linus Torvalds wrote:
> 
> On Wed, 12 Jan 2005, Chris Wright wrote:
> > 
> > Right, I know you don't like the embargo stuff.
> 
> I'd very happy with a "private" list in the sense that people wouldn't 
> feel pressured to fix it that day, and I think it makes sense to have some 
> policy where we don't necessarily make them public immediately in order to 
> give people the time to discuss them. 
> 
> But it should be very clear that no entity (neither the reporter nor any
> particular vendor/developer) can require silence, or ask for anything more
> than "let's find the right solution". A purely _technical_ delay, in other
> words, with no politics or other issues involved.
> 
Being firmly in the full disclosure camp I hope you intend to stick to 
that "no entity (neither the reporter nor any particular vendor/developer) 
can require silence" bit. If you do, and if embargoes are kept to short 
nr. of days, then I think such a list would probably be a good idea. It 
would be a good compromise between full disclosure from day one and things 
being kept secret and out of view for months.


Just my 0.02euro.


-- 
Jesper Juhl

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/