Posted Jun 17, 2008 18:33 UTC (Tue) by olecom (guest, #42886)
IT bubble days are over. Linux kernel (almost the only useful FOSS thing left) tries to not lose its volume.
Developers do what they do on limited resources, using dumb tools or no tools at all, saving buzz-hype using PR fuzz. It is a social and economical problem, not a technical and/or ethical one.
If GRSecurity/PaX wants to save this only FOSS thing from security holes, then systematic education, automation of audit and code creation by tools must be employed, a database of broken C/API usage must be collected, those patterns must be coded and automated by static analysis on the source editing stage.
This must be a big and hard step, a step forward. But your even smaller resources are wasted to fix and confront consequences. Also I don't see something mentioned in your workflow/goals. And investing into something as moot as all this, even for a "better future", isn't the way business wants to make money today.
Top developers try to stay in tune with the hardware support/performance side of the technology development. Or they do what they know how to do best or just somehow (another fs, another scheduler, etc.). They and many others are doing this by basic think+edit+patch+debug(rc1, rcX)... No `git` or similar can eliminate "thinking" and knowledge there.
While automated checking and automated creating of code may reduce debug stages and predict problems on a level higher than `gcc -Wall`. Again a step forward. But this is again against those companies who milk from static analysis, security audit and consulting.
Linus tries to bring tools, but all made so far were NIH reimplementations of existing ones. A systematic approach like regression tracking is a craft of committed individuals; no automated tools are available either. And their work is also in some kind of fuzzy state.
The problem of those cargo-cult security specialists, grown under the shadows of LKML and the dark ages of Linux 0.99, now being on the top of the food chain and not wanting to listen or revolutionize something, is one of all humankind. Just look at present science and thus education, politics, economics, etc... Unless they will gain more, one has no luck. In case of retirement, make sure you/your agenda have educated and skilled youngsters to propose and compete.
posted here: http://lwn.net/Articles/286393/ [1]