Torvalds Criticizes Security Approaches

Published: 18 January 2005 y., Tuesday
Linux creator Linus Torvalds had a few things to say this week about the way potential security issues are disclosed to fellow open sourcers. And it wasn't all good. His comments came as part of a mailing list discussion among kernel developers about creating a security contact point for people to use when potential kernel security issues arise. According to kernel developer Chris Wright,who began the discussion thread, kernel security issues are currently discussed in multiple locations, including the Linux Kernel mailing list, Kernel maintainers and the limited access vendor-sec mailing list. Membership to the vendor-sec mailing list is decided by consensus among existing members, which includes most of the major Linux distributions. In addition, security advisories discussed on the list are embargoed so vendors have time to prepare fixes before full public disclosure. Torvalds responded that the idea of a central contact point sounded like a good thing to have, as is maintaining limited access. However, he said he is strongly opposed to an embargo on the list for a variety of reasons. "I'd be very happy with a 'private' list in the sense that people wouldn't feel pressured to fix it that day," Torvalds wrote. "And I think it makes sense to have some policy where we don't necessarily make them public immediately in order to give people the time to discuss them. But it should be very clear that no entity (neither the reporter nor any particular vendor/developer) can require silence, or ask for anything more than 'let's find the right solution.'
Šaltinis: internetnews.com
Copying, publishing, announcing any information from the News.lt portal without written permission of News.lt editorial office is prohibited.

Facebook Comments

New comment


Captcha

Associated articles

Gemalto Teams Up with Venezuelan Bankcard Market Leaders to Accelerate EMV Migration

Gemalto teaming up with two banking technology leaders to help banks in Venezuela move to a new, high-tech smart credit card that will better protect their customers from fraud and identity theft. more »

Thanks to the new Bull supercomputer for the Jülich Research Center

The new Bull HPC-FF1 supercomputer with 100 Teraflops-capacity will host applications for the European Union Fusion community. more »

Gemalto reports fourth quarter and full year 2008 revenue

Gemalto, the world leader in digital security today announced its revenue for the full year and fourth quarter of 2008. more »

Wincor World 2009: keen interest in combined solution portfolio

Wincor World 2009, which was held in Paderborn from January 20 to 22, has once more proven to be the place where experts from retail banking and retailers gather, even in times of economic crisis. more »

Motorola Honored with Prestigious iF Product Design Award

Motorola Inc. announced it has been recognized with one of the world’s foremost industrial design honors, an iF product design award. more »

Parliament online this week: the key issues

The EU’s antiterrorism coordinator, Gilles de Kerchove, and Interpol representatives, will brief MEPs on Thursday about progress in combating terrorism. more »

Tesco, Poland's leading retail enterprise, awards service contract to Wincor Nixdorf

The Tesco retail chain in Poland has chosen Wincor Nixdorf to maintain its 4,600-strong estate of POS systems and servers from different vendors. more »

Gemalto Provides Kingdom of Bahrain with Additional One Million New-Generation e-ID Cards

Gemalto, the world leader in digital security, announces it will deliver an additional one million of its latest generation electronic ID cards for citizens and residents of the Kingdom of Bahrain. more »

China's Largest CAD/CAM Software Developer Selects Aladdin HASP SRM

CAXA increases sales and reduces costs with Aladdin HASP SRM. more »

OPT chooses Bull to launch innovative telecommunications services

Bull extends the deployment of Comptel Dynamic OSS, at the heart of the telco's information systems. more »