if ppl stop giving "special" consideration to security, the quality of security enforcement could come down. Ideally we like to "clean" all bugs. But as is pointed out, bugs are many. Prioritizing bugs and "dealing with a strong deadline" is vitally important. classification of bugs into domain is the most effective way to deal with them. Not only does it help people concerened in the area to be aware..fast. but also it helps in "discussiong" it with like-minded people. Posting a security bug in a general list will prove a little hard, as the people may not know what meat-in-the middle, priviledge escalation..etc mean. Its just bare stupidity to "clout" the bug space by generalizing it. One more point, The security bugs are important because the harm done is usually "crafted", with "bad intentions" and "on purpose". It also leads to financial "theft" an d"crimes" than just the normal loss of data or worktime(as in normal bug). You could get pennnalized as abeiting the crime. But a gui crash is always less severe. People can quickly loose trust in the software and the services that depend on them can be irrecoverabliy damaged. Think about it.... there are more people engaged in penetrating, propagating security holes than filing common bug reports.... it definitely isnt a time-waster for them.
Hats of to open bsd people... its my second best distro for my boundary router/firewall(if i dont use cisco that is.). My first choice will be a kernel i "audited" myself... since i cant invest in it... openbsd does a good job too... ;) On Wed, Jul 16, 2008 at 11:03 PM, Siju George <[EMAIL PROTECTED]> wrote: > http://article.gmane.org/gmane.linux.kernel/706950 > > Again a mis representation in pulic? > > --Siju > > -- As soon as men decide that all means are permitted to fight an evil, then their good becomes indistinguishable from the evil that they set out to destroy. - Christopher Dawson, The Judgment of Nations
