Re: thoughts on kernel security issues

From: Marek Habersack
Date: Thu Jan 13 2005 - 14:50:42 EST


On Thu, Jan 13, 2005 at 03:36:27PM +0000, Alan Cox scribbled:
> On Mer, 2005-01-12 at 17:42, Marcelo Tosatti wrote:
> > The kernel security list must be higher in hierarchy than vendorsec.
> >
> > Any information sent to vendorsec must be sent immediately to the kernel
> > security list and discussed there.
>
> We cannot do this without the reporter's permission. Often we get
I think I don't understand that. A reporter doesn't "own" the bug - not the
copyright, not the code, so how come they can own the fix/report?

> material that even the list isn't allowed to directly see only by
> contacting the relevant bodies directly as well. The list then just
> serves as a "foo should have told you about issue X" notification.
This sounds crazy. I understand that this may happen with proprietary
software, or software that is made/supported by a company but otherwise open source
(like OpenOffice, for instance), but the kernel?

regards,

marek
