Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Case For Full Disclosure In The Linux Changelog

Posted by timothy on from the asking-and-telling dept.

titurel writes: "This article on SecurityFocus takes up some interesting thoughts about how Alan Cox's choice not to unveil securitychanges in the kernel changelog could affect other developers." And Jon Lasser is no security dummy -- Along with Jay Beale, he's one of the guys behind Bastille Linux, and the author of the excellent Think Unix.

6 of 234 comments (clear)

  1. Comment removed by account_deleted · · Score: 5, Funny

    Comment removed based on user account deletion

  2. Re:Shhhh, Keep this news a secret! by Anonymous Coward · · Score: 2, Funny

    Thank you for discosing your meta-discosure position on discosing discosed information.

    I will now disclothe for all the non-disclosure people in this room. Thank you.

  3. Re:diff the code? by grammar+nazi · · Score: 5, Funny
    WATCH WHAT YOU SAY!!

    If you keep speaking like that, peterdaly, then diff might become a circumvention device under the DMCA and thus, will be banned in the United States.

    If you want to keep various GNU Tools such as diff, cat, cp, and ghex, then you have to hide the fact that they are usefull for anything other than taking up space. Otherwise we risk them becoming circumvention devices under the DMCA.

    --

    Keeping /. free of grammatical errors for ~5 years.
  4. A better excuse for non-full disclosure by Kirkoff · · Score: 5, Funny
    Alan Cox could just use the Linux Comment System(TM). You know, how Linus will implement a whole new VM and the changelog states "VM Fixes." Using Linus's model for this, Alan Cox would definatly just state "Fixed security issues" for most any bug. Heck, he could even put it in the "Random Fixes" catchall. Then all Alan has to do is run around saying to people stuff like "I don't really care about Micro*cough* - The DMCA. It bores me."

    Maybe we would all do better following Linus's methods. Let's say you need to turn in an Essay on Lord Of The Flys, it's simple:
    • Essay Pre-1 "Plane crash"
    • Essay Pre-2 "Establish democrasy"
    • Essay Pre-2 "formed resitance"
    • Essay Pre-3 "War - people died"
    • Essay Pre-4 "Ship arrives restored grownups"


    As you can see, this eases your everyday life. It gets rid of the unintended problems that spring from caring about anything but the task at hand.

    --Josh
    --
    There are exactly 42,935,718 letter sized sheets in a square mile.
  5. M.I.B's by GISboy · · Score: 2, Funny

    Elias Levy wrote an eloquent rebuttal to the Microsoft essay. But I'd like to zero on in one particularly egregious claim Culp makes in his argument: that an administrator "doesn't need to know how a vulnerability works in order to understand how to protect against it."

    The M.I.B's (Microsofties In Black)would be proud.

    Just claim "you don't need to know".

    And the 'Little Flashie Thingies' don't hurt either.

    --
    If it is not on fire, it is a software problem.
  6. jesus you really dont get it do you. by Anonymous Coward · · Score: 1, Funny

    he was taking the piss!!