Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757928AbYGPE60 (ORCPT ); Wed, 16 Jul 2008 00:58:26 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751573AbYGPE6S (ORCPT ); Wed, 16 Jul 2008 00:58:18 -0400 Received: from usmail2.us.checkpoint.com ([216.200.240.146]:46063 "EHLO us.checkpoint.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751289AbYGPE6R (ORCPT ); Wed, 16 Jul 2008 00:58:17 -0400 X-Greylist: delayed 2587 seconds by postgrey-1.27 at vger.kernel.org; Wed, 16 Jul 2008 00:58:17 EDT From: "Rodrigo Rubira Branco" To: , Cc: , "'Justin Forbes'" , "'Zwane Mwaikambo'" , "'Theodore Ts'o'" , "'Randy Dunlap'" , "'Dave Jones'" , "'Chuck Wolber'" , "'Chris Wedgwood'" , "'Michael Krufky'" , "'Chuck Ebbert'" , "'Domenico Andreoli'" , "'Willy Tarreau'" , , , , "'Alan Cox'" , , "'Greg KH'" , References: <20080701151057.930340322@mini.kroah.org> <200807021257.47593.caglar@pardus.org.tr> <20080702144149.GA16850@suse.de> <200807021809.07679.caglar@pardus.org.tr> Subject: Re: [stable] Linux 2.6.25.10 (resume) Date: Wed, 16 Jul 2008 01:01:24 -0300 Message-ID: <005001c8e6f8$ac0955f0$a6181fac@ad.checkpoint.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 11 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198 In-Reply-To: <200807021809.07679.caglar@pardus.org.tr> Thread-Index: AcjcVYykqTF/NdeiRx+CPu6Sm7vNGwKock5A Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1319 Lines: 29 First of all sorry for copy many people who maybe are not in the initial discussion, but since I've not been copied I have no idea who are and who are not in that thread ;) The point that many people are trying to make is that Linux has a policy defined in a document (Documentation/SecurityBugs) but are not following it. Don't really matter to us what the policy is, but it's really important to follow it (many people, who are security professionals need that, and many others, who are NOT security professionals also). We all know (both sides) that it's impossible to know everything related to every bug and it's security impact. But there is a lot of different situations well-known as a security problems (because the bug class is well know, because someone reported it with details to the devels, etc). Hide it is an option, disclouse it is another. Have a policy is what matters. Say something and do another thing is always bad to everybody involved. P.S: I'm talking by myself, not for the company that I work for. Rodrigo Rubira Branco (BSDaemon). -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/