Linux creator Linus Torvalds had a few things to say this week about the way potential security issues are disclosed to fellow open sourcers
Published:
18 January 2005 y., Tuesday
Linux creator Linus Torvalds had a few things to say this week about the way potential security issues are disclosed to fellow open sourcers. And it wasn't all good.
His comments came as part of a mailing list discussion among kernel developers about creating a security contact point for people to use when potential kernel security issues arise.
According to kernel developer Chris Wright,who began the discussion thread, kernel security issues are currently discussed in multiple locations, including the Linux Kernel mailing list, Kernel maintainers and the limited access vendor-sec mailing list. Membership to the vendor-sec mailing list is decided by consensus among existing members, which includes most of the major Linux distributions. In addition, security advisories discussed on the list are embargoed so vendors have time to prepare fixes before full public disclosure.
Torvalds responded that the idea of a central contact point sounded like a good thing to have, as is maintaining limited access. However, he said he is strongly opposed to an embargo on the list for a variety of reasons.
"I'd be very happy with a 'private' list in the sense that people wouldn't feel pressured to fix it that day," Torvalds wrote. "And I think it makes sense to have some policy where we don't necessarily make them public immediately in order to give people the time to discuss them. But it should be very clear that no entity (neither the reporter nor any particular vendor/developer) can require silence, or ask for anything more than 'let's find the right solution.'
Šaltinis:
internetnews.com
Copying, publishing, announcing any information from the News.lt portal without written permission of News.lt editorial office is prohibited.
The most popular articles
Software company announced new structure_ of it_s business.
more »
search.lt presents newest links
more »
A new e-mail worm that's just beginning to wiggle its way across the Internet scours infected computers for image files containing child pornography, and alerts government agencies if any suspicious files are discovered.
more »
Two Teen Tech Titans Make the Grade
more »
The news that the Meta Group has found that between 65 and 75 percent of WAP users in Europe and Asia are no longer using their WAP services via their mobile phones, is indicative of this market segment.
more »
Trust services firm VeriSign Inc., owner of Network Solutions Inc., the largest registry/registrar in the world, Thursday threw the switch on its long-running Domain-Policy mailing list.
more »
If a Canadian firm successfully follows through with plans to retransmit network television content over the Internet, the multibillion-dollar entertainment industry could be thrown into the same sort of turmoil that the music industry faced because of th
more »
Criminal charges were brought against 90 people and companies Wednesday as part of a joint operation between the Justice Department and the National White Collar Crime Center -- charged with cutting down on Internet fraud.
more »
America Online, Inc.'s Instant Messenger service (AIM) is now available to VoiceStream Corp.'s 4 million subscribers.
more »
The web is often thought of either as a lawless place, filled with pornographers, gamblers, criminals and anarchists, or a vast virtual shopping mall where hordes of crazed consumers are feverishly maxing out their credit cards.
more »
search.lt presents newest links
more »