Date: Mon, 10 Jan 2005 17:18:26 -0800
From: Chris Wright <chrisw@osdl.org>
To: Diego Calleja <diegocg@gmail.com>
Cc: Chris Wright <chrisw@osdl.org>, juhl-lkml@dif.dk, steve@rueb.com,
       linux-kernel@vger.kernel.org
Subject: Re: Proper procedure for reporting possible security vulnerabilities?
Message-ID: <20050110171826.L2357@build.pdx.osdl.net>
References: <41E2B181.3060009@rueb.com> <87d5wdhsxo.fsf@deneb.enyo.de> <41E2F6B3.9060008@rueb.com> <Pine.LNX.4.61.0501102309270.2987@dragon.hygekrogen.localhost> <20050110164001.Q469@build.pdx.osdl.net> <20050111020931.3acbf4b9.diegocg@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.2.5i
In-Reply-To: <20050111020931.3acbf4b9.diegocg@gmail.com>; from diegocg@gmail.com on Tue, Jan 11, 2005 at 02:09:31AM +0100
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1105
Lines: 26

* Diego Calleja (diegocg@gmail.com) wrote:
> El Mon, 10 Jan 2005 16:40:02 -0800 Chris Wright <chrisw@osdl.org> escribi?:
> 
> > Problem is, the rest of the world uses a security contact for reporting
> > security sensitive bugs to project maintainers and coordinating
> > disclosures.  I think it would be good for the kernel to do that as well.
> 
> (somewhat OT..)
> 
> Perhaps it's just me, but i think it'd be nice that a new kernel version is
> released every time a security issue is found.

I agree.  I'd not mind seeing a full release, but at least a collection
of relevant patches.  I used to keep such a list, and have discussed
bringing it back with some folks (just for the current stable 2.6.x).
I think there's some agreement that we could do better.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/