Re: thoughts on kernel security issues

From: Chris Wright
Date: Thu Jan 13 2005 - 18:33:55 EST


* Alan Cox (alan@xxxxxxxxxxxxxxxxxxx) wrote:
> On Iau, 2005-01-13 at 21:03, Linus Torvalds wrote:
> > On Thu, 13 Jan 2005, Alan Cox wrote:
> > - no embargo, no rules, but "private" in the sense that it's supposed to
> > be for kernel developers only or at least people who won't take
> > advantage of it.
> >
> > _I_ think this is the one that makes sense. No hard rules, but private
> > enough that people won't feel _guilty_ about reporting problems. Right
> > now I sometimes get private email from people who don't want to point
> > out some local DoS or similar, and that can certainly get lost in the
> > flow.
>
> And also not passed on to vendors and other folks which is a pita and
> this would fix
> >
> > - _short_ embargo, for kernel-only. I obviously believe that vendor-sec
> > is whoring itself for security firms and vendors. I believe there would
> > be a place for something with stricter rules on disclosure.
>
> Seems these two could be the same list with a bit of respect for users'
> wishes and common sense.

I think they should be the same. I hope the draft security contact bits
reflect that.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net