remmers
|
|
Linus Torvalds on OpenBSD
| 
Jul 17 14:18 UTC 2008 |
Ran across this today at
http://article.gmane.org/gmane.linux.kernel/706950
-----------------------------------------------------------------------
From: Linus Torvalds <torvalds <at> linux-foundation.org>
Subject: Re: [stable] Linux 2.6.25.10
Newsgroups: gmane.linux.kernel
Date: 2008-07-15 16:13:03 GMT (1 day, 21 hours and 12 minutes ago)
On Tue, 15 Jul 2008, Linus Torvalds wrote:
>
> So as far as I'm concerned, "disclosing" is the fixing of the bug.
> It's the "look at the source" approach.
Btw, and you may not like this, since you are so focused on security,
one reason I refuse to bother with the whole security circus is that I
think it glorifies - and thus encourages - the wrong behavior.
It makes "heroes" out of security people, as if the people who don't
just fix normal bugs aren't as important.
In fact, all the boring normal bugs are _way_ more important, just
because there's a lot more of them. I don't think some spectacular
security hole should be glorified or cared about as being any more
"special" than a random spectacular crash due to bad locking.
Security people are often the black-and-white kind of people that I
can't stand. I think the OpenBSD crowd is a bunch of masturbating
monkeys, in that they make such a big deal about concentrating on
security to the point where they pretty much admit that nothing else
matters to them.
To me, security is important. But it's no less [sic] important than
everything *else* that is also important!
Linus
-----------------------------------------------------------------------
(I think Torvalds intended "more", not "less", in the last paragraph.)
|
nharmon
|
|
response 1 of 7:
|
Jul 17 15:33 UTC 2008 |
Oh, were you the adding [sic], I thought maybe Linus added [sic] which
made me go, "WOAH, wtf???"
I actually feel performance bugs are the most important because without
performance you can't really have any of the rest.
|
gull
|
|
response 3 of 7:
|
Jul 17 21:58 UTC 2008 |
I've run OpenBSD in the past, and I think they do some good work, but I
sure do steer a wide berth around all of the politics involved. I kind
of agree that their focus is a bit too narrow. When it comes to the BSD
world, I think FreeBSD is sort of the best of both worlds. They're more
interested in supporting new hardware and improving performance, and the
fixes for security holes that the OpenBSD folks find usually get ported
over.
One thing to keep in mind when comparing the BSD security model to
Linux's, though, is that the various BSD distributions make no claims at
all about the security of anything that isn't in the base system. They
don't do security notifications about problems in other software (the
"ports tree"); you're expected to keep track of those packages yourself.
Linux distributions tend to take a more supervisory role where they
track the security status of everything they make available.
|