Date: Mon, 4 Mar 2013 10:12:53 +0800
From: Greg KH <greg@...ah.com>
To: oss-security@...ts.openwall.com
Subject: Re: handling of Linux kernel vulnerabilities (was:
 CVE request - Linux kernel: VFAT slab-based buffer overflow)

On Mon, Mar 04, 2013 at 05:44:38AM +0400, Solar Designer wrote:
> In my opinion, it'd be best if Linus, Greg, et al. would reconsider
> their approach.

Reconsider just what specifically?  You bring up a bunch of issues that
the distros need to consider, what can the Linux kernel security team do
differently?  We were asked to notify the linux-distro list, and now we
will be doing that.  Should we not and just go back to how things were
before?

> Overall, I think we should bite the bullet and accept sko's
> notifications to linux-distros, with a grace period of up to 7 days.
> Whenever a distro is ready to release an update, they should be able to
> insist on doing so within another 1 day, even if the initially planned
> grace period would expire later.  Would sko be OK with this?  Greg?

Again, I don't think anyone that is part of security@...nel.org minds
about having the issues publicized, after linux-distro has their time
to get things fixed and to their users.  If the linux-distro people care
about that, that does not seem to be a security@...nel.org group issue,
right?

totally confused,

greg k-h
