On Fri, Nov 30, 2001 at 11:47:28AM -0500, Jeff Garzik wrote:
> The security community has shown us time and again that public shaming
> is often the only way to motivate vendors into fixing security
> problems. Yes, even BSD security guys do this :)
It's a bit different. Usually the security community uses it
when there isn't a way to fix the code (i.e. non-free code)
or when the maintainer of the code refused to fix the issue.
Also to "expose" the security problem isn't the same as
to flame.
While not a good idea, something like a long name
for a local var isn't a big problem like a completely
broken software with huge security holes used by millions of people
every day.
The quality of the code should be ensured in a different
way. If there is a standard coding-style you should either:
1) refuse to include broken code before the programmer fixes it
2) fix it yourself before the inclusion
Flames aren't a good solution imho.
--
Salvatore Sanfilippo <antirez@invece.org>
http://www.kyuzz.org/antirez
finger antirez@tella.alicom.com for PGP key
28 52 F5 4A 49 65 34 29 - 1D 1B F6 DA 24 C7 12 BF