On Thu, 13 Feb 2003, Aidan Kehoe wrote: >Date: Thu, 13 Feb 2003 08:44:09 +0000 >From: Aidan Kehoe <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Reply-To: [EMAIL PROTECTED] >Content-Type: text/plain; charset=iso-8859-15 >Subject: Re: Re: Security in new drivers > > Ar an 12ú lá de mí 2, scríobh Mike A. Harris : > > > Anything short of a specific example of a real security problem > > is nothing more than heresy. > >Don't get all dogmatic about it, Mike :-) .
Sorry, but I believe someone making claims of something being insecure, should do so with specific examples, or else their claims do not hold any water. There are implications that if their claim is true, and there are security problems that are known, that the developers do not seem to care about them, or else they would logically be fixed by now, and thus there would be no security problems. The developers of XFree86 drivers, including DRI/DRM are very security concious however, and any security problems that have been found in DRI/DRM and made known, have been addressed rather promptly. I think it would be rather insulting to these developers to insinuate that their are security holes in the code that they have known about, and have purposefully ignored. And if there are security holes in the code that they did not know about, then I'm sure that they would be greatful for someone who knows about them to tell them about these holes so they can be fixed. You can call me dogmatic if you like, but I just don't like seeing these kind of rumors go around, without setting things straight. If nobody sets the record straight, then before we know it, there is a huge rumor created out of the small rumor, and XFree86 and DRI get a bad rap for being insecure even though there are no actual true claims that have come forth to support that rumor. I will make no claims that there are NOT security holes, but I certainly do not know of any currently. If someone else knows of a real security hole, or holes in DRI/DRM, or in XFree86 that is non-hypothetical, please step forward and tell the developers what the problem is, so it can be addressed promptly. But please don't spread unfounded rumors about security issues. -- Mike A. Harris _______________________________________________ XFree86 mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/xfree86
