Linux Leader Expounds on His Colorful Comments
Somewhat known for his vivid — and sometimes vituperative — commentary, Linus Torvalds is no stranger to controversy. That experience may do him well this week, as the torches and pitchforks have come out and are marching his way after an interview with Network World reignited the flames fanned by last month's colorful commentary on security.
Just over a month ago, a message from the Hacker-in-Chief hit the Linux kernel mailing list with a detailed description of just how Mr. Torvalds feels about "security people" and the culture they promote. The message — which included such memorable phrases as "a bunch of masturbating monkeys" — caused an uproar among security advocates, particularly in the OpenBSD community, which was singled out by name.
The controversy is back on the front pages this week, as Linus rehashed the issue in his Network World interview, saying he's fed up with the "security circus," describing it as PR posturing on the part of two different, but equally irritating, camps. On one side, he says, are those who want total secrecy, refusing to disclose any bug until it has been patched, and on the other are those who "revel" in finding and disclosing bugs, which he attributes to a desire to embarrass vendors — "proof that the vendors are corrupt and crap, which admittedly mostly are." Torvalds described both groups as "crazy" and "idiots" more interested in the publicity surrounding their work than actually patching the vulnerabilities.
Linus says he practices a middle path — "the Unix model" — where bugs are reported privately, but are not kept secret indefinitely, vendors are compelled to patch vulnerabilities, without being publicly shamed, and the focus remains on fixing bugs and produces as little fanfare as possible. While that may certainly be the case for kernel bugs, "as little fanfare as possible" certainly doesn't describe the reception of his comments.
Justin Ryan is a Contributing Editor for Linux Journal.
|diff -u: What's New in Kernel Development||Sep 04, 2015|
|Android Candy: Copay—the Next-Generation Bitcoin Wallet||Sep 03, 2015|
|The True Internet of Things||Sep 02, 2015|
|September 2015 Issue of Linux Journal: HOW-TOs||Sep 01, 2015|
|September 2015 Video Preview||Sep 01, 2015|
|Using tshark to Watch and Inspect Network Traffic||Aug 31, 2015|
- Using tshark to Watch and Inspect Network Traffic
- Problems with Ubuntu's Software Center and How Canonical Plans to Fix Them
- The True Internet of Things
- Android Candy: Copay—the Next-Generation Bitcoin Wallet
- September 2015 Issue of Linux Journal: HOW-TOs
- Firefox Security Exploit Targets Linux Users and Web Developers
- diff -u: What's New in Kernel Development
- Concerning Containers' Connections: on Docker Networking
- Where's That Pesky Hidden Word?
- A Project to Guarantee Better Security for Open-Source Projects