Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux's Security Through Obscurity

Posted by CmdrTaco on from the we-all-do-it-sometimes dept.

An anonymous reader writes "The age-old full disclosure debate has been raging again, this time in no other place than at the foundations of the open-source flagship GNU/Linux operating system: within the Linux kernel itself. It beggars belief, but even Linux creator, Linus Torvalds, has advocated against the sort of openness on which Linux has thrived, arguing that security fixes to the kernel should be obscured in changelogs, saying 'If it's not a very public security issue already, I don't want a simple "git log + grep" to help find it.' Unfortunately, it's not kernel exploit writers who need to grep the changelog in order to find kernel vulnerabilities. On the contrary, it's downstream distributors who rely on changelog information in order to decide when to patch the kernels of their distributions, in order to keep their users safe."

1 of 215 comments (clear)

  1. Scary stuff by synthespian · · Score: 0, Flamebait

    That was definitely scary reading...

    It's hopeless - security in Linux sucks.

    --
    Main difference between the BSD license and the GPL license: one is from California and the other is from Massachusetts