An anonymous reader writes "The age-old full disclosure debate has been raging again, this time in no other place than at the foundations of the open-source flagship GNU/Linux operating system: within the Linux kernel itself. It beggars belief, but even Linux creator, Linus Torvalds, has advocated against the sort of openness on which Linux has thrived, arguing that security fixes to the kernel should be obscured in changelogs, saying "If
it's not a very public security issue already, I don't want a simple 'git log + grep' to help find it." Unfortunately, it's not kernel exploit writers who need to grep the changelog in order to find kernel vulnerabilities. On the contrary, it's downstream distributors who rely on changelog information in order to decide when to patch the kernels of their distributions, in order to keep their users safe. Slashdot readers are encouraged to voice your concerns on LKML in order to remind the kernel developers of the values of openness for security."
This discussion was created for logged-in users only, but now has been archived.
No new comments can be posted.
Linux's Security Through Obscurity 0 Comments More Login /
Get More Comments