linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Diego Calleja <diegocg@gmail.com>
To: Chris Wright <chrisw@osdl.org>
Cc: juhl-lkml@dif.dk, steve@rueb.com, linux-kernel@vger.kernel.org
Subject: Re: Proper procedure for reporting possible security vulnerabilities?
Date: Tue, 11 Jan 2005 02:09:31 +0100	[thread overview]
Message-ID: <20050111020931.3acbf4b9.diegocg@gmail.com> (raw)
In-Reply-To: <20050110164001.Q469@build.pdx.osdl.net>

El Mon, 10 Jan 2005 16:40:02 -0800 Chris Wright <chrisw@osdl.org> escribió:

> Problem is, the rest of the world uses a security contact for reporting
> security sensitive bugs to project maintainers and coordinating
> disclosures.  I think it would be good for the kernel to do that as well.

(somewhat OT..)

Perhaps it's just me, but i think it'd be nice that a new kernel version is
released every time a security issue is found.

Yes, vendors update their kernels themselves, but there's a *lot* of people
in linux who run kernel.org kernels, and it's hopefully to keep working
that way.

Those people  can also update themselves their kernel, also true. But the
security issues found in linux are not announced anywhere but mailing list
and sites like slashdot. Many people who run kernels from kernel.org don't
read slashdot or mailing lists and don't that there's a need of updating their
kernels. A new kernel version every time a security issue is found would help
for those people, or at least a "security updates" section in kernel.org's
webpage. Right now there's no "official" way of announcing those updates, and
I think it's a serious lack for a OS which is so widely used.

  reply	other threads:[~2005-01-11  1:17 UTC|newest]

Thread overview: 36+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-01-10 16:46 Steve Bergman
2005-01-10 18:23 ` Indrek Kruusa
2005-01-10 19:24 ` Alan Cox
2005-01-11  9:32   ` Florian Weimer
2005-01-10 21:31 ` Florian Weimer
2005-01-10 21:42   ` Steve Bergman
2005-01-10 22:08     ` Diego Calleja
2005-01-11  0:19       ` Barry K. Nathan
2005-01-11  0:45         ` Diego Calleja
2005-01-11  9:35         ` Florian Weimer
2005-01-11 16:57         ` Jesper Juhl
2005-01-11 17:05           ` Jan Engelhardt
2005-01-10 22:09     ` linux-os
2005-01-11  0:44       ` Barry K. Nathan
2005-01-10 22:11     ` Jesper Juhl
2005-01-11  0:40       ` Chris Wright
2005-01-11  1:09         ` Diego Calleja [this message]
2005-01-11  1:18           ` Chris Wright
2005-01-11 17:05         ` Jesper Juhl
2005-01-11 16:39           ` Alan Cox
2005-01-11 21:25             ` Jesper Juhl
2005-01-11 21:29               ` Chris Wright
2005-01-12 21:05                 ` Jesper Juhl
2005-01-17 22:49                 ` Werner Almesberger
2005-01-17 22:52                   ` Chris Wright
2005-01-17 23:23                     ` Christoph Hellwig
2005-01-17 23:26                       ` Chris Wright
2005-01-17 23:57                         ` Alan Cox
2005-01-18  1:08                           ` Chris Wright
2005-01-11 17:57           ` Chris Wright
2005-01-12 12:23           ` Florian Weimer
2005-01-11  9:49       ` Florian Weimer
2005-01-11 16:10     ` Alan Cox
2005-01-12 12:33       ` Florian Weimer
2005-01-13 15:36         ` Alan Cox
     [not found] <200501101959.j0AJxUvl032294@laptop11.inf.utfsm.cl>
2005-01-10 21:36 ` Indrek Kruusa

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20050111020931.3acbf4b9.diegocg@gmail.com \
    --to=diegocg@gmail.com \
    --cc=chrisw@osdl.org \
    --cc=juhl-lkml@dif.dk \
    --cc=linux-kernel@vger.kernel.org \
    --cc=steve@rueb.com \
    --subject='Re: Proper procedure for reporting possible security vulnerabilities?' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).