Re: [stable] Linux 2.6.25.10

From: pageexec
Date: Wed Jul 16 2008 - 11:45:36 EST


On 16 Jul 2008 at 7:43, Greg KH wrote:

> On Wed, Jul 16, 2008 at 11:01:51AM +0200, pageexec@xxxxxxxxxxx wrote:
> > On 15 Jul 2008 at 20:13, Greg KH wrote:
> >
> > very good example of how you actually do *not* do what you claim. find me
> > the word 'security' in your announcement. it's not there. amazing, isn't it.
>
> No, it was a conscious decision to do just to piss you off, glad to see
> it worked :)
>
> Come on, give me a break, Tiago asked that we do releases as soon as we
> know about a security problem. 2.6.25.11 was released because of this,
> and all users were told to upgrade. Is the fact that I add the magic
> word "security" in a sentence in the email some specific requirement
> that will make you happy?

it's not about making me happy Greg. i can figure these things out for
myself, i do *not* need your help in that. there're many users however
who rely on your providing accurate information. announcing a security
fix as such is the proper thing to do, i can't imagine how you guys can
dance around that simple fact for so long. just look at what your own
employer does with security bugs, if they see it fit to mark them as
such, how can you possibly argue that you're somehow acting in good
faith when you cover them up? will you next tell your corporate bosses
that they're bloody idiots that can't tell a bug from a bug and should
just omit the word 'security' altogether from future announcements? i
didn't think so either.

> Take a look at the words I used, if someone can't determine if they
> should upgrade or not based on that,

your carefully chosen words are *wrong* in fact. exploiting local bugs
has nothing to do with having untrusted users in the age of client side
exploits. due to your completely mischaracterized description, individual
home users may very well feel that they do not need to upgrade, to the
delight of the next malware owning their browser. you can congratulate
yourself Greg, you successfully misled a whole class of users.

> then they need to rely on a company
> to provide updates for them, and not be running their own kernels
> because they really have no clue about system management.

you conveniently failed to respond to the rest of my mail where i showed
that Chris Wright, heck, even yourself did announce security fixes as such
in the past. how do you explain that?

> Bah, what a joke.

and i thought i was the one getting pissed ;).
cheer up,
PaX Team
