Developers of the Linux kernel created a security mailing list this week to air future vulnerability information regarding the open-source operating system's core code.
The list, which the developers plan to announce soon, is an answer to some open-source developers' concerns that reports of security flaws were getting lost in the large amount of e-mail messages sent to the kernel team.
"We aim to keep the process as open as possible," said Chris Wright, Linux kernel developer at Open Source Development Labs. "Sometimes, people prefer to report security vulnerabilities in private to make sure the implications are understood and the fix is known before going public. This is in place to facilitate that and keep things from falling through the cracks."
The mailing list will be the contact point for security issues in the kernel and is the result of several weeks of mulling over how accessible to the public the list should be.
Disclosure of security issues has been a heated debate, both for the kernel development group and in the software community at large. While some argue that publicly revealing a software bug in popular software hurts the security of the Internet, others point out that flaws are generally caused by poor development procedures and a lack of focus on security.
News source:
ieXbeta
Full story:
View Here
Threaded Mode
