previously on this list Thorsten Glaser contributed:

> > "Debian policy should require that in every source package all security
> > packages should be clearly marked as such in standard and easily parsable 
> > way with optional further references."  
> 
> Veto because the security impact of bugs is disputable, and
> probably 100% of all patches:
> 
> http://www.insanitybit.com/2012/06/02/linus-torvalds-all-bugs-are-created-equal-9/

? Doesn't that page argue against your 'veto'?

I can understand Linus not wanting to have to decide if there is any
security relevance in each change or be accused of missing some when he
of course would especially when he has said he can't keep up with the
many commits and so must want to accelerate and not decelerate the
process.

I used to look through the commits when I could in order to decide
whether to update the kernel more often than every other release and
whilst some were obvious or even mentioned security I wondered what
level of collaboration went on between distros to work out which had
security implications or whether separate processes helped spot more
or not and just created more work.

In any case once publicly known and sooner the better it is surely
better to inform at every opportunity.

p.s. Security is never black and white and I hate the same people,
funny that, like reading your stars. There is lots of mis-information
and lies about OpenBSD out there. I notice the page doesn't disclose
any of his supposed findings or say very much at all.


-- 
_______________________________________________________________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd
_______________________________________________________________________

I have no idea why RTFM is used so aggressively on LINUX mailing lists
because whilst 'apropos' is traditionally the most powerful command on
Unix-like systems its 'modern' replacement 'apropos' on Linux is a tool
to help psychopaths learn to control their anger.

(Kevin Chadwick)

_______________________________________________________________________

