Slashdot Mirror

← Back to Stories (view on slashdot.org)

Reporting Kernel Security Issues

Posted by timothy on from the top-men-are-working-on-it dept.

Omniscientist writes "A recent post on KernelTrap details the lkml post by Chris Wright talking about a centralized place to report security issues pertaining to the Linux Kernel and the discussion that was generated by it, including Chris's followup. It would appear that they now have created a security team to privately handle the bugs, who act as the alternative to reporting the flaw to the public immediately."

2 of 75 comments (clear)

  1. Re:Good idea? partially? by essreenim · · Score: 4, Interesting
    A single point of contact is a good thing in my book.

    As long as it is ALWAYS mirrored and PUBLIC. I do,nt agree with their idea to make encrypted bug reports preferable, digitally signed maybe but not encrypted. I can totally understand why Linus would be against it.

  2. make stable kernel bugs private? by essreenim · · Score: 5, Interesting
    What bout this: a) all [unstable development kernel e.g 2.6.1] bugs get published "public" - each and every person can snoop around and either help fix it - or instead try to exploit it (even moreso, keep on exploiting it on "unpatched" systems long time after) But, keep [stable kernels] private.