Re: Security release pre-announcement messages

Related Vulnerabilities: CVE-2019-13917  
                							

oss-sec
mailing list archives

From: Greg KH <greg () kroah com>

Date: Fri, 26 Jul 2019 10:16:40 +0200

On Fri, Jul 26, 2019 at 10:14:08AM +0200, Greg KH wrote:
On Thu, Jul 25, 2019 at 09:35:45PM +0000, Stiepan wrote:
I would like to congratulate the teams that do that. If public
disclosure is deemed too dangerous before a patch is available, this
looks like The reasonable tradeoff. Wish it was the same with Linux...

I too want a pony :)

Rationale: people could switch meanwhile to a known safe kernel. That
would provide peace of mind to the "rest of us" who don't have the
keys to the linux-distros kingdom of the elected few, yet wish to have
secure OSes, without a window of vulnerability open to whoever hacked
into the elected few's machines (or are entitled another way to this
secret information).
It would also make Linux governance way more democratic, which seems
to be a must for such a "too big to fail" core open-source software.

The "best known safe kernel" is the latest one we release from the
stable kernel series.  It has all of the fixes that the kernel
developers possibly know about at that point in time.

There's no need to worry about being on linux-distros or anything else,
just keep updating your kernel, test it in your infrastructure to ensure
it all works properly, and then push it out to all of your other systems
and all is good.

And before all of the usual objections take place, please read this long
write up:
        http://kroah.com/log/blog/2018/02/05/linux-kernel-release-model/
specifically the "Security" section for details as to why the kernel
does not do "pre-release" announcements.

thanks,

greg k-h
