Sorry if I was not clear enough, I meant in the commit comments. I agree, you need about a brain and a half to spot kernel bugs in the code itself...

On Thu, 17 Jul 2008 10:58:03 -0400 Paul Schmehl <[EMAIL PROTECTED]> wrote:
>--On Thursday, July 17, 2008 10:35:21 -0400 Elazar Broad
><[EMAIL PROTECTED]> wrote:
>
>> I could understand why Linus is against classifying a commit
>> comment in his branch or in any unstable branch for that
>> matter...then again, the repositories are open, and anyone with
>> half a brain might be able to discern what has security
>> ramifications or not.
>
>Apparently this isn't as true as you'd like to think. If it were,
>the folks who write the code would have caught it to begin with.
>After all, anyone who can write kernel code that works has
>*at least* half a brain, wouldn't you say?
>
>The truth is, there is a very small pool of people smart enough,
>educated enough and familiar with the code in question enough to
>actually spot security problems in the code. Those folks are worth
>their weight in gold, but in many cases they do it for the pure
>pleasure of finding the bugs. They also only focus on those things
>that interest them, so the number of people actually looking for
>security issues in the Linux kernel code is infinitesimally small
>compared to the number of people who use the compiled product.
>
>Claiming that "anyone with half a brain" can spot security
>problems in code belittles both those who actually can and all
>those who cannot but want to be informed about them so they can
>protect themselves.
>
>--
>Paul Schmehl
>As if it wasn't already obvious,
>my opinions are my own and not
>those of my employer.
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
