big deal about concentrating on security

Im Rahmen einer Bug-Recherche bin ich über folgende interessante Aussage von Linus Torvalds über BSD und Security gestossen. Dies lasse ich jetzt mal so unkommentiert:

From: Linus Torvalds <torvalds <at> linux-foundation.org>
Subject: Re: [stable] Linux 2.6.25.10
Newsgroups: gmane.linux.kernel
Date: 2008-07-15 16:13:03 GMT (2 years, 19 weeks, 2 days, 10 hours and 20 minutes ago)

On Tue, 15 Jul 2008, Linus Torvalds wrote:
> 
> So as far as I'm concerned, "disclosing" is the fixing of the bug. It's 
> the "look at the source" approach.

Btw, and you may not like this, since you are so focused on security, one 
reason I refuse to bother with the whole security circus is that I think 
it glorifies - and thus encourages - the wrong behavior.

It makes "heroes" out of security people, as if the people who don't just 
fix normal bugs aren't as important.

In fact, all the boring normal bugs are _way_ more important, just because 
there's a lot more of them. I don't think some spectacular security hole 
should be glorified or cared about as being any more "special" than a 
random spectacular crash due to bad locking.

Security people are often the black-and-white kind of people that I can't 
stand. I think the OpenBSD crowd is a bunch of masturbating monkeys, in 
that they make such a big deal about concentrating on security to the 
point where they pretty much admit that nothing else matters to them.

To me, security is important. But it's no less important than everything 
*else* that is also important!

			Linus

1 thought on “big deal about concentrating on security”

Schreiben Sie einen Kommentar

Ihre E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert