Re: The big IDE fight in a different light

David Ford (david@kalifornia.com)
Fri, 21 Jul 2000 16:00:36 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Igmar Palsenberg: "Re: VM problems with 2.2.16"
Previous message: Frank v Waveren: "Re: disk-destroyer.c"
Maybe in reply to: Scott Long: "The big IDE fight in a different light"
Next in thread: David Hinds: "Re: The big IDE fight in a different light"

This is a multi-part message in MIME format.
--------------D2CEE880CB710143C2F6E244
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Andre Hedrick wrote:

> You forgot to include the kernel list
>
> On Fri, 21 Jul 2000, Michael W Zappe wrote:
>
> > In his defense, if Andre hadn't figured it out, and someone with shadier ethics did, it could be much worse. Exposing exploits is not a sin. I thought that the premise behing being "Open" was full disclosure. Or are we more interested in the "success" and acceptance of Linux rather than the principles everyone repeats.

Responsible full discloser however is a different subject. You -don't- have to post an exploit or even a working exploit for full discloser, and it IS considered proper etiquette to give the target two weeks to fix their issue BEFORE announcing to the world. Posting an exploit is for 99% of the crowd, only for the pleasure
of script kiddies. People in the know don't need an exploit to understand it. People who don't know how to do it get the exploit.

In LKML land, that means making the patch, speaking to the right people to get it finessed and proper and put into the release and dev kernels and not making a big public issue out of it until the kernel is done.

This whole thing is certainly important but the big mess about it was a useless waste of time. All it did was get people riled up and instead of responsibly putting the patch into the kernels, you're withdrawing it and developing another exploit for the SCSI system.

So in the end, we have exploits publicly available and refusal to provide protection. I appreciate your work Andre, but this is pure spitefulness.

Those of you that do have the patch Andre wrote, please make it available so someone can responsibly work on integrating it.

-d

-- "The difference between 'involvement' and 'commitment' is like an eggs-and-ham breakfast: the chicken was 'involved' - the pig was 'committed'."

--------------D2CEE880CB710143C2F6E244 Content-Type: text/x-vcard; charset=us-ascii; name="david.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for David Ford Content-Disposition: attachment; filename="david.vcf"

begin:vcard n:Ford;David x-mozilla-html:TRUE org:<img src="http://www.kalifornia.com/images/paradise.jpg"> adr:;;;;;; version:2.1 email;internet:david@kalifornia.com title:Blue Labs Developer x-mozilla-cpt:;-12480 fn:David Ford end:vcard

--------------D2CEE880CB710143C2F6E244--

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Igmar Palsenberg: "Re: VM problems with 2.2.16"
Previous message: Frank v Waveren: "Re: disk-destroyer.c"
Maybe in reply to: Scott Long: "The big IDE fight in a different light"
Next in thread: David Hinds: "Re: The big IDE fight in a different light"