[PLUG] Linux Journal Readers' choice awards 2013
metherid at gmail.com
Fri Jan 17 16:50:38 PST 2014
On Tue, Jan 14, 2014 at 3:01 PM, Amarendra Godbole wrote:
> There may not be security updates, but there may not be security
> issues in the first place. The only way to ensure this is to lookup
> the quality of developers' on that tool - actively maintained, but too
> many cooks may not be optimum from a security point of view. Consider
> the case of Linux kernel - clearly security isn't a priority,
> especially because they accept binary blobs left, right and center.
> World domination is.
The security focus on Linux kernel needs to be improved but this is not
because they are adding some binary firmware since security issues are not
limited to firmware at all. Quite the contrary, all the firmware is being
separated out over time and shipped as a separate tarball and most
distributions ship firmware separately as well. That is the recommended
practice. The real problem is the lack of security tagging in the
changelog and not enough attention to systematic improvements but the
situation is better than before.
More information about the plug-mail