-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Damn that sucks. I think stable releases need every patch audited before they get Linus' blessing, and unfortunately it seems we don't have the required 150+ people jumping up to volunteer. :(
Yes I have unrealistic goals. Sane, but unrealistic. Perhaps collaboration with the major distributions to volunteer developers to do the auditing? We need SOMETHING; there's been too much line noise here about kernel security holes. Whether this is new or people are just noticing and overreacting now, it's still not good. Unfortunately, "Something" requires manpower. Manpower requires people who aren't busy doing other things, like improving preemptiveness, rewriting the VM system, enhancing the scheduler, or writing new drivers. And unfortunately, not only is everyone busy with all of that; but we NEED all of that too. Well, maybe you can't start up a group now, or implement audit policy; but perhaps the invitation needs to be there. I see there are no -audit or -security lists on vger; perhaps somebody should start a [EMAIL PROTECTED] list just to get the ball rolling. If it grows big enough, then you can consider some policy about having the changes audited FIRST before releasing; for now that's just not feasible. Dave Jones wrote: > On Mon, Jan 17, 2005 at 02:17:37AM -0500, John Richard Moser wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Is there an official Linux Kernel Audit Project to actively and > > aggressively security audit all patches going into the Linux Kernel, or > > do they just get a cursory scan for bugs and obvious screwups? > > There were at least two such projects that crashed and burned > that I recall, the last was "active" about 3 years ago, and > accomplished very little. > > Dave > - -- All content of all messages exchanged herein are left in the Public Domain, unless otherwise explicitly stated. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB622KhDd4aOud5P8RAnJcAJ4n9Pt6JbYRlu2cmSTt91xM7IO8fACffUA7 rzoWMpWXPrNUxk+v/fDNeN8= =Mxal -----END PGP SIGNATURE----- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
