Slashdot Mirror


Torvalds on the Linux Security Process

darthcamaro writes "Linus Torvalds thinks that Linux kernel security disclosure should be completely open and he really doesn't like the vendor-security model of having a time embargo on security disclosure. 'I think kernel bugs should be fixed as soon as humanly possible, and any delay is basically just about making excuses,' Torvalds wrote. 'And that means that as many people as possible should know about the problem as early as possible, because any closed list (or even just anybody sending a message to me personally) just increases the risk of the thing getting lost and delayed for the wrong reasons.'"

6 of 280 comments

  1. You should listen to him... by Anonymous Coward · · Score: 3, Funny

    ...he probably knows what he's talking about.

  2. What !? by Squatchman · · Score: 5, Funny

    kernel bugs

    Thou shalt not speak ill of the Linux kernel!

    Oh wait, it's Linus.

  3. Closed Security by thegnu · · Score: 5, Funny

    I've never really gotten the mechanism whereby software giants keep their software secure by not telling anyone about the security hole until it's fixed. First, we know about information leaks. Secondly, it's terribly profitable for some people to sit around and figure out security holes so they can steal from people.

    Especially in the position that Microsoft is in, with the lion's share of the market, and a supposed interest in keeping my data secure, I would assume that the first move would be to notify their customers of any security hole that might be potentially harmful to me. Given the number of them, I guess it would keep my mailbox full, but I wouldn't mind.

    Oh, I don't use Windows. Never mind. Yay for Linux (and Linus)!

    --
    Please stop stalking me, bro.
  4. Re:Summation of the article by Stevyn · · Score: 5, Funny

    Yeah, like Service Pack 2. That's got a firewall and everything!

  5. No No No! by af_robot · · Score: 1, Funny

    That guy is not right!!
    All you need to keep a Linux computer secure:
    1) enable *by default* the built-in kernel firewall to reject all incoming connections
    2) keep your kernel up to date, by autodownloading & installing patches from kernelupdates.linux.org
    3) build antivirus *inside* the Linux kernel and ensure that you have the latest antivirus and exploit definitions.

    I don't understand why you, Linux users, didn't come up with that simple idea a long time ago! If every Linux user follows these three simple steps, then no one from the internet will be able to hack or exploit your computer.

  6. Re:I LOVE slashdot. by Anonymous Coward · · Score: 2, Funny

    Actually, things are much worse than that.

    If Gates says this, people think: "Ah, a Linux based firewall/router, to protect my MSWindows systems!"
    Realistically, that's not a bad idea.

    If Torvalds says this, people think: "what should I now protect my system with? A Linux firewall doesn't make sense..."

    So there again MSWindows scores! With MSWindows, you can add Linux as an extra layer of protection, with Linux, it doesn't make sense!

    1-0 for Win vs Lin!