>
> On Wed, 16 Jul 2008,
pageexec@freemail.hu wrote:
>> you should check out the last few -stable releases then and see how
>> the announcement doesn't ever mention the word 'security' while fixing
>> security bugs
>
> Umm. What part of "they are just normal bugs" did you have issues with?
>
> I expressly told you that security bugs should not be marked as such,
> because bugs are bugs.
>
>> in other words, it's all the more reason to have the commit say it's
>> fixing a security issue.
>
> No.
>
>>> I'm just saying that why mark things, when the marking have no meaning?
>>> People who believe in them are just _wrong_.
>> what is wrong in particular?
>
> You have two cases:
>
> - people think the marking is somehow trustworthy.
>
> People are WRONG, and are misled by the partial markings, thinking that
> unmarked bugfixes are "less important". They aren't.
>
> - People don't think it matters
>
> People are right, and the marking is pointless.
>
> In either case it's just stupid to mark them. I don't want to do it,
> because I don't want to perpetuate the myth of "security fixes" as a
> separate thing from "plain regular bug fixes".
>
> They're all fixes. They're all important. As are new features, for that
> matter.
>
>> when you know that you're about to commit a patch that fixes a security
>> bug, why is it wrong to say so in the commit?
>
> It's pointless and wrong because it makes people think that other bugs
> aren't potential security fixes.
>
> What was unclear about that?
>
> Linus
