Re: [Ksummit-2013-discuss] KS Topic request: Handling the Stablekernel, let's dump the cc: stable tag

From: Jiri Kosina
Date: Tue Jul 16 2013 - 05:11:32 EST


On Mon, 15 Jul 2013, Greg KH wrote:

> > Anything that's being reviewed on the stable list is public. I know
> > this is an old argument, but if you point out a fix you *know* has a
> > security impact then you'll help general distribution maintainers and
> > users a lot more than you help the black-hats who are quite capable of
> > recognising such a fix (if they haven't already spotted and exploited
> > the bug).
>
> I'm sorry, but you know I will not do that, so asking about it isn't
> going to change this behavior.

I just followed up in the other thread, where Ted was explaining why the
huge /dev/random rework was a -stable material.

Why specifically would it be wrong to be open about this being security
related, and providing the necessary data (i.e. at least reference to
http://factorable.net/) publically?

I fail to see what the point behind hiding this would be.

Thanks,

--
Jiri Kosina
SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/