On Tue, 15 Jul 2008, pageexec@freemail.hu wrote:
quoted text
> 
> so guys (meaning not only Greg but Andrew, Linus, et al.), when will you
> publicly explain why you're covering up security impact of bugs? and even
> more importantly, when will you change your policy or bring your process
> in line with what you declared?

We went through this discussion a couple of weeks ago, and I had 
absolutely zero interest in explaining it again.

I personally don't like embargoes. I don't think they work. That means 
that I want to fix things asap. But that also means that there is never a 
time when you can "let people know", except when it's not an issue any 
more, at which point there is no _point_ in letting people know any more.

So I personally consider security bugs to be just "normal bugs". I don't 
cover them up, but I also don't have any reason what-so-ever to think it's 
a good idea to track them and announce them as something special. 

So there is no "policy". Nor is it likely to change. 

			Linus
--
unsubscribe notice
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/