Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261260AbVALS4a (ORCPT ); Wed, 12 Jan 2005 13:56:30 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261238AbVALSyi (ORCPT ); Wed, 12 Jan 2005 13:54:38 -0500 Received: from e35.co.us.ibm.com ([32.97.110.133]:22659 "EHLO e35.co.us.ibm.com") by vger.kernel.org with ESMTP id S261260AbVALSvj (ORCPT ); Wed, 12 Jan 2005 13:51:39 -0500 Date: Wed, 12 Jan 2005 10:51:33 -0800 From: Greg KH To: Linus Torvalds Cc: Chris Wright , akpm@osdl.org, alan@lxorguk.ukuu.org.uk, marcelo.tosatti@cyclades.com, linux-kernel@vger.kernel.org Subject: Re: thoughts on kernel security issues Message-ID: <20050112185133.GA10687@kroah.com> References: <20050112094807.K24171@build.pdx.osdl.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.6i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1378 Lines: 35 On Wed, Jan 12, 2005 at 10:05:34AM -0800, Linus Torvalds wrote: > > > On Wed, 12 Jan 2005, Chris Wright wrote: > > > > This same discussion is taking place in a few forums. Are you opposed to > > creating a security contact point for the kernel for people to contact > > with potential security issues? This is standard operating procedure > > for many projects and complies with RFPolicy. > > I wouldn't mind, and it sounds like a good thing to have. The _only_ > requirement that I have is that there be no stupid embargo on the list. > Any list with a time limit (vendor-sec) I will not have anything to do > with. > > If that means that you can get only the list by invitation-only, that's > fine. So you would be for a closed list, but there would be no incentive at all for anyone on the list to keep the contents of what was posted to the list closed at any time? That goes against the above stated goal of complying with RFPolicy. I understand your dislike of having to wait once you know of a security issue before making the fix public, but how should distros coordinate fixes in any other way? thanks, greg k-h - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/