Re: thoughts on kernel security issues

[Chris Wright]

* Greg KH (greg@xxxxxxxxx) wrote:
> On Wed, Jan 12, 2005 at 11:01:42AM -0800, Linus Torvalds wrote:
> > On Wed, 12 Jan 2005, Greg KH wrote:
> > > So you would be for a closed list, but there would be no incentive at
> > > all for anyone on the list to keep the contents of what was posted to
> > > the list closed at any time?  That goes against the above stated goal of
> > > complying with RFPolicy.
> > 
> > There's already vendor-sec. I assume they follow RFPolicy already. If it's 
> > just another vendor-sec, why would you put up a new list for it?
> 
> I think the issue is that there is no main "security" contact for the
> kernel.  If we want to make vendor-sec that contact, fine, but we better
> warn the vendor-sec people :)

Yes.  And I think we should have our own contact.

> > In other words, if you allow embargoes and vendor politics, what would the 
> > new list buy that isn't already in vendor-sec.
> 
> vendor-sec handles a lot of other stuff that is not kernel related
> (every package that is in a distro.) This would only be for the kernel.

Yes, and IMO, it could inform vendor-sec.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/