Linux creator Linus Torvalds had a few things to say this week about the way potential security issues are disclosed to fellow open sourcers
Published:
18 January 2005 y., Tuesday
Linux creator Linus Torvalds had a few things to say this week about the way potential security issues are disclosed to fellow open sourcers. And it wasn't all good.
His comments came as part of a mailing list discussion among kernel developers about creating a security contact point for people to use when potential kernel security issues arise.
According to kernel developer Chris Wright,who began the discussion thread, kernel security issues are currently discussed in multiple locations, including the Linux Kernel mailing list, Kernel maintainers and the limited access vendor-sec mailing list. Membership to the vendor-sec mailing list is decided by consensus among existing members, which includes most of the major Linux distributions. In addition, security advisories discussed on the list are embargoed so vendors have time to prepare fixes before full public disclosure.
Torvalds responded that the idea of a central contact point sounded like a good thing to have, as is maintaining limited access. However, he said he is strongly opposed to an embargo on the list for a variety of reasons.
"I'd be very happy with a 'private' list in the sense that people wouldn't feel pressured to fix it that day," Torvalds wrote. "And I think it makes sense to have some policy where we don't necessarily make them public immediately in order to give people the time to discuss them. But it should be very clear that no entity (neither the reporter nor any particular vendor/developer) can require silence, or ask for anything more than 'let's find the right solution.'
Šaltinis:
internetnews.com
Copying, publishing, announcing any information from the News.lt portal without written permission of News.lt editorial office is prohibited.
The most popular articles
Software company announced new structure_ of it_s business.
more »
The iPhone's new “ATM Hunter” is a a free iPhone application built by MasterCard that allows users to quickly find the ATMs that are closest to them.
more »
In security breach cases last year, such as Hannaford Bros. supermarket and the card processing firm Heartland Payment Systems, cybercriminals gained access to millions of consumers' credit card details.
more »
Ingenico, a provider of payment solutions, says contactless technology will split the retail market this year, improving sales figures for early adopters and costing those who shun the additional investment in this burgeoning technology.
more »
Widevine Technologies today announced that the US Patent and Trademark Office has reconfirmed the validity of many claims of Widevine's U.S.
more »
Nokia Corp., the world's largest maker of cell phones, is making a large investment in California-based Obopay Inc., a startup that's pushing person-to-person mobile-payments technology.
more »
The increasing amount of overlap and duplication of data, tasks and processes in their anti-fraud and anti-money laundering divisions is driving banks to seek synergies between compliance, risk management and security, according to a new report from Datamonitor.
more »
The total number of IPTV subscribers worldwide passed the 20mn mark at the end of 2008, according to new figures from Informa Telecoms & Media, taking into account both disclosed and estimated figures.
more »
The IPTV World Forum opened its doors this morning on a bright London day, and the mood was equally optimistic indoors, with the conference rooms packed for keynote presentations from Christopher Schläffer of Deutsche Telekom, Christophe Forax from the European Commission and the BBC's Richard Halton, charged with making Project Canvas a reality.
more »
A new Gartner Inc. report suggests that financial fraud could drive consumers away from banks and into the arms of electronic payment systems, such as PayPal, that they perceive to be more secure.
more »
In the last year this more than doubles the number of cards and devices in circulation around the world.
more »