[HN Gopher] Linux Kernel Security Done Right
       ___________________________________________________________________
        
       Linux Kernel Security Done Right
        
       Author : theafh
       Score  : 27 points
       Date   : 2021-08-03 16:03 UTC (6 hours ago)
        
 (HTM) web link (security.googleblog.com)
 (TXT) w3m dump (security.googleblog.com)
        
       | touisteur wrote:
       | The 'update all the things all the time, maybe there will be
       | regressions, but hey vendors should fix' em' is maybe hearable
       | from a cloud-continuous-delivery standpoint, but not everyone can
       | and should do that. And getting fixes also comes its lot of new
       | features with their unchecked security surfaces, enabled by
       | default...
       | 
       | What I'm also hearing here is 'vendors shouldn't work on their
       | branch but contribute to main/stable branches' and I'm here
       | wondering how you can ever ship anything tested (since it's part
       | of the subject) with this lack of control of branch history.
       | Starting from something you know works, and increasingly
       | upgrade/fix is the only manageable way to ship something as
       | complex and untested as upstream Linux.
       | 
       | The solution is 'add 4 guys to your team and fix our coders' bugs
       | before they ship'? So, fun coding and good PR for some, drudge of
       | shitbugs and abuse on lkml for others.
        
       | tester756 wrote:
       | Feel free to start with asking engineers more security related
       | questions, cuz you know - poorly performing algo can be rewritten
       | meanwhile leak cannot be reverted
        
       ___________________________________________________________________
       (page generated 2021-08-03 23:02 UTC)