Linux's Security Through Obscurity

An anonymous reader writes "The age-old full disclosure debate has been raging again, this time in no other place than at the foundations of the open-source flagship GNU/Linux operating system: within the Linux kernel itself. It beggars belief, but even Linux creator, Linus Torvalds, has advocated against the sort of openness on which Linux has thrived, arguing that security fixes to the kernel should be obscured in changelogs, saying 'If it's not a very public security issue already, I don't want a simple "git log + grep" to help find it.' Unfortunately, it's not kernel exploit writers who need to grep the changelog in order to find kernel vulnerabilities. On the contrary, it's downstream distributors who rely on changelog information in order to decide when to patch the kernels of their distributions, in order to keep their users safe."

"Sorry for RTFA"?

[argent]

*snort*

And I thought I'd seen every variant on the usual Slashdot in-jokes.

You win a gold star.

Re:The idealistic young become the cynical old.

[neuromancer23]

"Get off my lawn!" - Linus Torvalds

Re:The idealistic young become the cynical old.

[TheGreek]

Not all security-related bugs are easily identifiable as such. And even if they were, and then they were marked as such, do you really want the changelog easily greppable by them?

"Dear God, won't somebody please think of the children?"

Re:The idealistic young become the cynical old.

[dotancohen]

"Dear God, won't somebody please think of the children?"

Actually, as a kernel issue, this affects all the system threads.