[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Kernel 2.6.11

Seeker5528 wrote:
On Wed, 2 Mar 2005 15:43:24 -0500 (EST)
Robert Brockway <rbrockway@opentrend.net> wrote:

Well since you don't believe me on this (or other :) issues, read
Alan's words:


What was said elsewhere:



"Cox said that Torvalds does not always let people know when he has
fixed a security bug in the kernel. This can be a problem as the patch
will take a while to make it to production, which means that hackers can
exploit the vulnerability before it is made available to individuals and
enterprises running Linux.

"Linus has this bad habit of fixing security holes quietly," said Cox.
"This is a bad idea as some people read all the kernel patches to find
the security holes.""

Same guy saying the same thing. Big deal. This actually contradicts his first argument that
Linus releases code with known security holes. Now Alan is saying Linus fixes security holes
and doesn't tell anyone. So which is it?

Use your head and think with your own mind. Don't buy into all the things you hear unless
you have _actual_ proof that this is the case. The vendors do a lot of work to *stabilize* the kernel
but if you think they fix everything (security or otherwise) then you're very naive. Where do you
think Debian gets most of it patches from? The -as tree...

You need to stop reading all the opinion columns are start reading the kernel list archives. You
can follow a different patchset/maintainer who isn't as "on the edge" as Linus. If you don't have
the time to do that then you are probably better off with a vendor kernel. If you really want to argue
the point, then I'd say that upstream source is more secure then vendor stuff. Pulling from BK gives
you that days work. Even if say RedHat finds a security hole, they have to patch it and get it out
to the masses. Guess where that code ends up first? Upstream. I'll be able to pull it in before RH
even has packages made.

A new versioning has been put into effect anyway. The new system will provide end users with a tree
that's not so volatile and makes the vendors life easier.


"Education is what remains after one has forgotten everything he learned in school."
	- Albert Einstein

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: