Slashdot Mirror


The Case For Full Disclosure In The Linux Changelog

titurel writes: "This article on SecurityFocus takes up some interesting thoughts about how Alan Cox's choice not to unveil security changes in the kernel changelog could affect other developers." And Jon Lasser is no security dummy -- Along with Jay Beale, he's one of the guys behind Bastille Linux, and the author of the excellent Think Unix.

2 of 234 comments

  1. Re:diff the code? by Fruit · · Score: 0, Offtopic

    ... then you have to hide the fact that they are usefull for anything ...

    "grammar nazi"? Oh, you're from Germany. Figures.

  2. I am feeding a troll, oh well by einhverfr · · Score: 1, Offtopic

    Well, since I have no way to know if security holes
    exist in the Linux kernel, I will have to switch
    to another operating system that I can verify problems
    with. Obviously if people think Linux can be run
    in a production environment before, it won't be now.
    Good thing for the BSDs at least. :)


    OpenBSD says no REMOTE security holes in 4 years in the default installation. This is a far cry from saying no holes.

    I really respect *BSD. In many instances, I think that it is somewhat more mature for some tasks than Linux. However, that does not change the argument that OpenBSD is secure because of distribution issues more than kernel issues. And there are similar Linux distributions, such as Trustix, which apply the same mentality. You, sir, are a troll.

    --

    LedgerSMB: Open source Accounting/ERP