|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Valdis.Kletnieks
vt.edu
Date: Mon Sep 01 2008 - 17:23:26 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, 01 Sep 2008 15:51:35 CDT, rholgstad said:
> Linus doesn't care about security
No, he actually *does* care about security - he's just pf the opinion
that security fixes don't automatically rate a 'ZOMG! PWNED!' flag on
them like certain *BSD variants think. He thinks that sticking a big
SECURITY PATCH tag on a fix tends to make people cherry-pick and install
just those fixes - even though the patch they *didn't* install that
fixes a system crash or a silent data corruption is actually more critical.
Your chances of getting it accepted improve greatly if you have a nice
writeup of *why* the patch is a good idea - summarize the current
state, explain how the new version works, list what attacks it minimizes.
Oh - and I *guarantee* that somebody will make a (quite valid) issue about
the drain on the /dev/random entropy pool if you're using that as your
(possibly indirect) source of random bits. You may want to make sure
that you have either Kconfig magic for compile time selection, and/or
a /sys file or something for runtime tweaking.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFIvGtecC3lWbTT17ARAgEqAKCJy2PUmTwdQ8uabhAWdvk3BB6hoACffZD+
Nd97kBDdbz+NRJihfF0kvPE=
=fYRG
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]