Re: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft
- From: Pavel Labushev <p.labushev@xxxxxxxxx>
- Date: Tue, 02 Sep 2008 17:17:43 +0800
Valdis.Kletnieks@xxxxxx wrote:
> On Mon, 01 Sep 2008 15:51:35 CDT, rholgstad said:
>> Linus doesn't care about security
> No, he actually *does* care about security - he's just of the opinion
> that security fixes don't automatically rate a 'ZOMG! PWNED!' flag on
> them like certain *BSD variants think. He thinks that sticking a big

Linus is not a security expert. Not even close. He's not educated and
not experienced enough to make security decisions, but he does. That's
the problem. He cares somehow, but he's wrong.

> SECURITY PATCH tag on a fix tends to make people cherry-pick and install
> just those fixes - even though the patch they *didn't* install that
> fixes a system crash or a silent data corruption is actually more critical.

"SECURITY PATCH tag on a fix" helps me to know that there is a problem
and I must consider the patch, check its correctness and maybe
test/backport/apply it to my production systems ASAP. Just as other
tags help me to know that there are reliability and other issues I
must care about.