Friday, November 20, 2009
Ran across this old gem of a post and wanted to archive it here as it's a classic.
From: Linus Torvalds email@example.com
Subject: Re: [stable] Linux 126.96.36.199
Date: 2008-07-15 16:13:03 GMT (1 year, 18 weeks, 1 day, 19 hours and 16 minutes ago)
On Tue, 15 Jul 2008, Linus Torvalds wrote:
> So as far as I'm concerned, "disclosing" is the fixing of the bug. It's
> the "look at the source" approach.
Btw, and you may not like this, since you are so focused on security, one
reason I refuse to bother with the whole security circus is that I think
it glorifies - and thus encourages - the wrong behavior.
It makes "heroes" out of security people, as if the people who don't just
fix normal bugs aren't as important.
In fact, all the boring normal bugs are _way_ more important, just because
there's a lot more of them. I don't think some spectacular security hole
should be glorified or cared about as being any more "special" than a
random spectacular crash due to bad locking.
Security people are often the black-and-white kind of people that I can't
stand. I think the OpenBSD crowd is a bunch of masturbating monkeys, in
that they make such a big deal about concentrating on security to the
point where they pretty much admit that nothing else matters to them.
To me, security is important. But it's no less important than everything
*else* that is also important!