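On the mailing-list thread announcing the Linux 2.6.25.10 stable release, a developer raised the policy on disclosing the security impact of bug fixes and repeatedly stressed security. In his reply, Linus Torvalds said that security bugs are just one kind of bug among many, and that overly elevating or glorifying the people who fix security bugs is heading in the wrong direction. Linus called the crowd that constantly boasts about OpenBSD's security a bunch of masturbating monkeys, as if nothing other than security could get them excited. Security is important, but it is not everything.
Original text: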
From: Linus Torvalds <torvalds <at> linux-foundation.org>
Subject: Re: [stable] Linux 2.6.25.10
Newsgroups: gmane.linux.kernel
Date: 2008-07-15 16:13:03 GMT
On Tue, 15 Jul 2008, Linus Torvalds wrote:
>
> So as far as I'm concerned, "disclosing" is the fixing of the bug. It's
> the "look at the source" approach.

Btw, and you may not like this, since you are so focused on security, one
reason I refuse to bother with the whole security circus is that I think
it glorifies - and thus encourages - the wrong behavior.

It makes "heroes" out of security people, as if the people who don't just
fix normal bugs aren't as important.

In fact, all the boring normal bugs are _way_ more important, just because
there's a lot more of them. I don't think some spectacular security hole
should be glorified or cared about as being any more "special" than a
random spectacular crash due to bad locking.

Security people are often the black-and-white kind of people that I can't
stand. I think the OpenBSD crowd is a bunch of masturbating monkeys, in
that they make such a big deal about concentrating on security to the
point where they pretty much admit that nothing else matters to them.

To me, security is important. But it's no less important than everything
*else* that is also important!

Linus