Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261299AbVALTok (ORCPT ); Wed, 12 Jan 2005 14:44:40 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261238AbVALTmX (ORCPT ); Wed, 12 Jan 2005 14:42:23 -0500 Received: from parcelfarce.linux.theplanet.co.uk ([195.92.249.252]:34994 "EHLO www.linux.org.uk") by vger.kernel.org with ESMTP id S261349AbVALThJ (ORCPT ); Wed, 12 Jan 2005 14:37:09 -0500 Date: Wed, 12 Jan 2005 14:12:27 -0200 From: Marcelo Tosatti To: Linus Torvalds Cc: Greg KH , Chris Wright , akpm@osdl.org, alan@lxorguk.ukuu.org.uk, linux-kernel@vger.kernel.org Subject: Re: thoughts on kernel security issues Message-ID: <20050112161227.GF32024@logos.cnet> References: <20050112094807.K24171@build.pdx.osdl.net> <20050112185133.GA10687@kroah.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.5.1i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1791 Lines: 41 On Wed, Jan 12, 2005 at 11:01:42AM -0800, Linus Torvalds wrote: > > > On Wed, 12 Jan 2005, Greg KH wrote: > > > > So you would be for a closed list, but there would be no incentive at > > all for anyone on the list to keep the contents of what was posted to > > the list closed at any time? That goes against the above stated goal of > > complying with RFPolicy. > > There's already vendor-sec. I assume they follow RFPolicy already. If it's > just another vendor-sec, why would you put up a new list for it? > > In other words, if you allow embargoes and vendor politics, what would the > new list buy that isn't already in vendor-sec. > > When I saw how vendor-sec worked, I decided I will never be on an embargo > list. Ever. That's not to say that such a list can't work - I just > personally refuse to have anything to do with one. Whether that matters or > not is obviously an open question. Of course it matters Linus - vendors need time to prepare their updates. You can't ignore that, and you can't "have nothing to do with it". You seem to dislike the way embargos have been done on vendorsec, fine. They can be done on a different way, but you have to understand that you and Andrew need to follow and agree with the embargo. How you feel about having short fixed time embargo's (lets say, 3 or 4 days) ? The only reason for this is to have "time for the vendors to catch up", which can be defined by the kernel security office. Nothing more - no vendor politics involved. It is a simple matter of synchronization. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/