|
|
Log in / Subscribe / Register

Dirty COW and clean commit messages

Dirty COW and clean commit messages

Posted Oct 25, 2016 4:09 UTC (Tue) by spender (guest, #23067)
In reply to: Dirty COW and clean commit messages by drag
Parent article: Dirty COW and clean commit messages

I'm sure everyone in the world updated to 4.8.4 immediately, 3 days after having already updated to 4.8.3. This of course happens in the same fantasy world people like PJ live in where the latest kernels only bring new fixes, and not new bugs.

Meanwhile in the real world, anyone can look at the following patches generated over the same timeframe:

diffstat patch-4.8.1-2 | tail -n 1
52 files changed, 487 insertions(+), 213 deletions(-)

diffstat patch-4.7.7-8 | tail -n 1
48 files changed, 425 insertions(+), 176 deletions(-)

diffstat patch-4.4.24-25 | tail -n 1
27 files changed, 313 insertions(+), 137 deletions(-)

and see the same thing any honest person who does any backporting work knows: that the majority of bugs being fixed in the latest kernels are for recently introduced bugs. If Greg were an honest person, he would admit this. But I realize he's got a lot of conflicting interests to juggle: to take money from the Linux Foundation to create the stable kernels, to keep people doing QA on the latest kernels by telling them the latest upstream kernel has the most fixes, to tell people not to use the old distro kernels because of a fake story he concocted about the exploitability of a tty bug, and to ensure nobody takes him seriously by intentionally covering up vulnerabilities for no reason other than a failed attempt at propping up the facade of "a bug is a bug".

One other thing I find interesting that nobody talks about is that a lot of the unpublicized security fixes Greg backports land in his -stable kernels months after they appear upstream (visible to defenders and attackers alike). Other LTS trees that depend on Greg's solely for backports are even worse. I know this from seeing merged fixes months later from things I've already backported, or for issues I've reported/been cc'd on as I then get automated mails from the stable maintainers. It's interesting how much belief is happening and how little critical thinking goes on, because I'm not sure how people can merge those facts with Greg's propaganda into a straightforward narrative. Pay no attention to the man behind the curtain for now, maybe in a couple years LWN will repeat everything I've said (much like the article I'm commenting on now) and everyone will have a sudden epiphany.

-Brad

to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds