Linux Today: Linux News On Internet Time.

KernelTrap: Reporting Kernel Security Issues

Jan 14, 2005, 20:30 (0 Talkback[s])

"A lengthy and interesting thread was started on the lkml by Chris Wright looking to define a centralized place to report security issues in the Linux Kernel. Chris offered his services in getting things set up, addressing his email to Linus Torvalds, Andrew Morton, Alan Cox and Marcelo Tosatti. He explained that he wanted to centralize the information 'to help track it, make sure things don't fall through the cracks, and make sure of timely fix and disclosure.' The resulting discussion was joined by numerous members of the kernel hacking community, exposing a wide range of opinions.

"Linus agreed that it sounded like a good idea, but qualified this by adding, 'the _only_ requirement that I have is that there be no stupid embargo on the list. Any list with a time limit (vendor-sec) I will not have anything to do with...'"

Complete Story

Related Stories: