Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261437AbVALVEM (ORCPT ); Wed, 12 Jan 2005 16:04:12 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261438AbVALVDS (ORCPT ); Wed, 12 Jan 2005 16:03:18 -0500 Received: from mail.dif.dk ([193.138.115.101]:23020 "EHLO mail.dif.dk") by vger.kernel.org with ESMTP id S261437AbVALU5R (ORCPT ); Wed, 12 Jan 2005 15:57:17 -0500 Date: Wed, 12 Jan 2005 21:59:53 +0100 (CET) From: Jesper Juhl To: Linus Torvalds Cc: Chris Wright , akpm@osdl.org, alan@lxorguk.ukuu.org.uk, marcelo.tosatti@cyclades.com, linux-kernel@vger.kernel.org Subject: Re: thoughts on kernel security issues In-Reply-To: Message-ID: References: <20050112094807.K24171@build.pdx.osdl.net> <20050112104407.N24171@build.pdx.osdl.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1406 Lines: 35 On Wed, 12 Jan 2005, Linus Torvalds wrote: > > On Wed, 12 Jan 2005, Chris Wright wrote: > > > > Right, I know you don't like the embargo stuff. > > I'd very happy with a "private" list in the sense that people wouldn't > feel pressured to fix it that day, and I think it makes sense to have some > policy where we don't necessarily make them public immediately in order to > give people the time to discuss them. > > But it should be very clear that no entity (neither the reporter nor any > particular vendor/developer) can require silence, or ask for anything more > than "let's find the right solution". A purely _technical_ delay, in other > words, with no politics or other issues involved. > Being firmly in the full disclosure camp I hope you intend to stick to that "no entity (neither the reporter nor any particular vendor/developer) can require silence" bit. If you do, and if embargoes are kept to short nr. of days, then I think such a list would probably be a good idea. It would be a good compromise between full disclosure from day one and things being kept secret and out of view for months. Just my 0.02euro. -- Jesper Juhl - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/