Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262099AbVAOBv7 (ORCPT ); Fri, 14 Jan 2005 20:51:59 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262136AbVAOBt3 (ORCPT ); Fri, 14 Jan 2005 20:49:29 -0500 Received: from [81.2.110.250] ([81.2.110.250]:59625 "EHLO localhost.localdomain") by vger.kernel.org with ESMTP id S262099AbVAOBqC (ORCPT ); Fri, 14 Jan 2005 20:46:02 -0500 Subject: Re: thoughts on kernel security issues From: Alan Cox To: Linus Torvalds Cc: "Theodore Ts'o" , Dave Jones , Marek Habersack , Marcelo Tosatti , Greg KH , Chris Wright , akpm@osdl.org, Linux Kernel Mailing List In-Reply-To: References: <20050112174203.GA691@logos.cnet> <1105627541.4624.24.camel@localhost.localdomain> <20050113194246.GC24970@beowulf.thanes.org> <20050113200308.GC3555@redhat.com> <1105644461.4644.102.camel@localhost.localdomain> <20050114183415.GA17481@thunk.org> <20050114221343.GA18140@thunk.org> Content-Type: text/plain Content-Transfer-Encoding: 7bit Message-Id: <1105748623.9838.95.camel@localhost.localdomain> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.6 (1.4.6-2) Date: Sat, 15 Jan 2005 00:34:14 +0000 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1864 Lines: 41 On Gwe, 2005-01-14 at 22:51, Linus Torvalds wrote: > Sure, you can do that, and if you do that, then the world recognizes you > for what you are - nothing but a publicity-seeking creep. And what does that make writing your own operating system ? Some of the security folks are publicity seekers, others see it as an investment against getting a job by becoming known. Quite a few we deal with a large professional organisations who don't need publicity and actually the more interesting bodies often don't *want* publicity just to ensure that all their vendors have fixes before things go public and that their government infrastructure and nation state will be best served. > THAT is why vendor-sec is bad. It allows publicity-seeking creeps to take > on the mantle of being "good". They don't agree with you, nor do the economists I'm afraid. > I'm arguing for exposing them for what they are. If that hurts some > feelings, tough ;) Its ok I'm sure they think you are an arrogant clueless jerk 8) > It's not a one- or two-week delay. Once the vendor-sec mentality takes > effect, the delay inevitably grows. You _always_ have excuses for > delaying, and as shown by this thread, a _lot_ of people believe them. The "vendor-sec" mentality - from someone who has never been involved in it. Ah yes Linus you might want to consider writing articles for a local newspaper you appear to have the right qualifications for it 8) vendor-sec has a lot of people on it who don't like long non-disclosure periods and get quite annoyed when they happen out of our control (eg CERT originated notifications). Alan - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/