Re: [stable] Linux 2.6.25.10 (resume)

[Rodrigo Rubira Branco]

First of all sorry for copy many people who maybe are not in the initial
discussion, but since I've not been copied I have no idea who are and who
are not in that thread ;)

The point that many people are trying to make is that Linux has a policy
defined in a document (Documentation/SecurityBugs) but are not following it.

Don't really matter to us what the policy is, but it's really important to
follow it (many people, who are security professionals need that, and many
others, who are NOT security professionals also).

We all know (both sides) that it's impossible to know everything related to
every bug and it's security impact.  But there is a lot of different
situations well-known as a security problems (because the bug class is well
know, because someone reported it with details to the devels, etc).  Hide it
is an option, disclouse it is another.  Have a policy is what matters.  Say
something and do another thing is always bad to everybody involved.
 

P.S:  I'm talking by myself, not for the company that I work for.


Rodrigo Rubira Branco (BSDaemon).

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/