Darwin's Theories Blog

New Theories for a New Time

Linus Just Doesn't Get It

2008-07-16
... and it shows
Linux founder Linus Torvalds makes an amazing claim about Linux security (or not) on gmane.kernel.org (I'm not even gonna help pagerank that article by linking to it; search the newsgroup name and the date 2008-07-08). Speaking about security fixes, he says:
... It makes "heroes" out of security people, as if the people who [just]
fix normal bugs aren't as important.
In fact, all the boring normal bugs are _way_ more important, just
because there's a lot more of them. I don't think some spectacular
security hole should be glorified or cared about as being any
more "special" than a random spectacular crash due to bad locking.
Security people are often the black-and-white kind of people that I
can't stand. I think the OpenBSD crowd is a bunch of masturbating
monkeys, in that they make such a big deal about concentrating
on security to the point where they pretty much admit that nothing
else matters to them.
Normal bugs are "way more important" than security to Linus, the guy in charge of Linux? I'm sure gonna think twice before running Linux on anything connected to the Internet. If he'd actually read the OpenBSD security policy document, or any of our presentations at conferences over the years, rather than just calling silly names, he'd know that OpenBSD works on ordinary bugs as a way of preventing security bugs. But I guess it's easier to sit at home pulling on your tool chain and calling people names, than to actually acquaint yourself with the facts. Well done, Linus. Next time I won't even bother recommending Linux as a second choice after OpenBSD.

P.S. As if to prove the point, the next day, security mailing lists were full of this:
Wei Wang discovered that the ASN.1 decoding routines in CIFS and
SNMP NAT did not correctly handle certain length values. Remote
attackers could exploit this to execute arbitrary code or crash
the system. (CVE-2008-1673)
So they have CIFS and SNMP in the Linux kernel, and they haven't checked for overflows? 'Nuff said!
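
The advisory above is about ASN.1 length octets being trusted without comparing them to the bytes actually present. As an added illustration for this post (my own code, not the kernel's, and not the actual CVE-2008-1673 fix), here is a BER/DER length decoder in C written the way you'd want it: every announced length is checked against the buffer before anything uses it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result of decoding one BER/DER length field. */
typedef struct {
    bool ok;        /* false if the encoding is malformed or exceeds the buffer */
    size_t len;     /* decoded content length (valid only if ok) */
    size_t used;    /* number of length octets consumed (valid only if ok) */
} ber_len_t;

/*
 * Decode a BER length field at buf[0..avail) and require that the
 * announced content length fits inside the remaining buffer.
 */
ber_len_t ber_decode_length(const uint8_t *buf, size_t avail)
{
    ber_len_t r = { false, 0, 0 };
    if (avail == 0) return r;

    uint8_t first = buf[0];
    if ((first & 0x80) == 0) {            /* short form: 0..127 */
        r.len = first;
        r.used = 1;
    } else {
        size_t n = first & 0x7f;           /* number of length octets */
        /* 0x80 is the indefinite form, 0xff is reserved; both rejected for DER */
        if (n == 0 || n == 0x7f) return r;
        /* refuse lengths wider than size_t and length octets past the buffer */
        if (n > sizeof(size_t) || n >= avail) return r;
        size_t len = 0;
        for (size_t i = 1; i <= n; i++)
            len = (len << 8) | buf[i];
        r.len = len;
        r.used = 1 + n;
    }
    /* The decisive check: content must fit in what is actually present. */
    if (r.len > avail - r.used) return r;
    r.ok = true;
    return r;
}

int main(void)
{
    /* constructed sample: long form claiming 65535 bytes, but only 1 byte follows */
    static const uint8_t bad[] = { 0x82, 0xff, 0xff, 0x00 };
    ber_len_t r = ber_decode_length(bad, sizeof bad);
    printf("malformed length rejected: %s\n", r.ok ? "no" : "yes");
    return 0;
}
```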

P.P.S. Apparently not enough said! It seems that the esteemed Mr. Torvalds is also implicated in a massive coverup of security bugs (aka attempted "security through obscurity").