Re: Linux 2.6.16.16
From: Maciej Soltysiak
Date: Sun May 14 2006 - 03:57:41 EST
Hello Greg,
Sunday, May 14, 2006, 5:59:37 AM, you wrote:
> To be fair, the extra work of writing out a detailed exploit, complete
> with example code, for every security update, would just take way too
> long.
Well, I think what we meant is just a one-liner hint from a wise developer
suggesting some action, meaning something like: "This one I recommend to all"
or "Use this if you use SCTP" or "X can do nasty things, you should upgrade
if you are using it". If the patch title is "Fix a buffer overflow in foo"
everybody knows what to do, but when it says "Fix foo so that baz stays barred"
an additional hint would be nice, because it's ambiguous for someone
just tracking stable releases and not being knowledgible enough to decide
whether baz is a function or system call that they are using.
I was not suggesting full detailed reports, I know the developers have better
things to do, just some hints :-)
--
Best regards,
Maciej
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/