Robert Brockway wrote:
On Wed, 2 Mar 2005, Eric Gaumer wrote:I believe this to be a bit of an over statement. Perhaps "know issues"Hi Eric. I disagree. See below.If, however, you are a desktop user who enjoys tinkering with things then I encourage you to use upstream sources. If you find issues then report these bugs so that they get fixed. There is a definite need for testers so don't shy away from upstream sources because of some rumor you heard some individual claim.Well since you don't believe me on this (or other :) issues, read Alan's words: http://lkml.org/lkml/2005/1/13/236 Read the remainder of the thread. No one contradicts his assertion that 2.6 is shipping with known security holes. This was the time for another developer to stand up and disagree but not one of them did. In fact the remainder of the thread pertains to a non-security related problem with smbfs in 2.6.10. I think it is pretty clear cut but each person can make up their own mind.
Yea, yea... I'm on the list so I've read the thread. I don't see a security related bug in that entire thread. All I see is an assertion that XFS is broke and Hellwig states that the ac patch is what broke it. Alan admits to catering to vendor-security work and that Linus doesn't. The tone of this statement should clearly indicate that there is some animosity there. You've taken the thread out of context and unless you read the interaction between kernel developers daily then you don't get a clear picture. The new development cycle has been a very controversial decision. All that aside, as I stated earlier you can pull from the ac tree and "supposedly" get all these security fixes that Alan speaks of. It's still upstream kernel source. I'm not getting your case, I just want to clarify things so that people can make their own decisions without being affected by bias opinions. -Eric -- "Imagination is more important than knowledge." - Albert Einstein
Attachment:
signature.asc
Description: OpenPGP digital signature