[Ksummit-2013-discuss] KS Topic request: Handling the Stable kernel, let's dump the cc: stable tag
Jiri Kosina
jkosina at suse.cz
Tue Jul 16 09:11:24 UTC 2013
On Mon, 15 Jul 2013, Greg KH wrote:
> > Anything that's being reviewed on the stable list is public. I know
> > this is an old argument, but if you point out a fix you *know* has a
> > security impact then you'll help general distribution maintainers and
> > users a lot more than you help the black-hats who are quite capable of
> > recognising such a fix (if they haven't already spotted and exploited
> > the bug).
>
> I'm sorry, but you know I will not do that, so asking about it isn't
> going to change this behavior.
I just followed up in the other thread, where Ted was explaining why the
huge /dev/random rework was a -stable material.
Why specifically would it be wrong to be open about this being security
related, and providing the necessary data (i.e. at least reference to
http://factorable.net/) publically?
I fail to see what the point behind hiding this would be.
Thanks,
--
Jiri Kosina
SUSE Labs
More information about the Ksummit-2013-discuss
mailing list