Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 2 Oct 2023 13:08:45 +0200
From: Greg KH <greg@...ah.com>
To: oss-security@...ts.openwall.com
Subject: Re: "Linux Kernel security demistified"

On Mon, Oct 02, 2023 at 11:48:15AM +0400, Loganaden Velvindron wrote:
> On Mon, 2 Oct 2023 at 11:10, Greg KH <greg@...ah.com> wrote:
> >
> > On Sun, Oct 01, 2023 at 09:13:03PM +0200, Solar Designer wrote:
> > > There's also an upcoming Webinar:
> > >
> > > https://www.linuxfoundation.org/webinars/demystifying-the-linux-kernel-security-process
> > >
> > > > Demystifying the Linux Kernel Security Process
> > > > October 3, 2023 | 07:00 AM PDT (UTC-7)
> > > >
> > > > Join an interactive, complimentary Mentorship Session exploring
> > > > Demystifying the Linux Kernel Security Process with Greg Kroah-Hartman,
> > > > Kernel Maintainer & Fellow, The Linux Foundation
> > > >
> > > > There is a lot of misunderstanding about how the Linux kernel deals with
> > > > security vulnerabilities.  This talk will go into how the Linux kernel
> > > > security team works, how changes are propagated out to the public, and
> > > > how users must take advantage of these changes in order to have a secure
> > > > system.
> >
> > It's going to be much the same talk, with only minor tweaks as I forgot
> > some points I wanted to make in the first one.
> >
> > Thanks for the link to my slides and presentation, glad to see that
> > information get spread wider!
> >
> It was a very insightful talk. However, I'm not sure whether companies
> would even be willing to start a conversation with an open source
> community without
> an NDA being signed.

Then those companies are not going to get very far, sorry.

We've been working this way for Linux for a very long time now, and it's
worked very well without any NDAs.  For good reasons, you never want to
sign one as it turns out to make the info you learn in them _more_
likely to leak, talk to a lawyer for all the fun details.

thanks,

greg k-h

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.