On Sat, May 24, 2003 at 02:34:17PM -0400, Matt Zimmerman wrote:
> What benefit is there in not announcing these problems? Security through
> obscurity? How can we inform our users of their exposure when we are not
> informed ourselves about security problems?

Noise. You can't announce every possibly security-related fix found by an audit - note that it's not clear whether it actually _is_ security-relevant at this point and certainly no one wrote an exploit for it.

> It is unfortunate if this must sometimes happen, but hopefully it is an
> exception, and in those cases we will need to rebuild modules and provide
> for both kernel images to be installed at once.

It's not an exception. Fixes can and will change the ABI all the time. You should not expect to be able to load a binary kernel module into _any_ other one than the one it was compiled against. Sometimes security fixes may even break the source API. (remember the dcache issues in 2.2.<early>?).