227
submitted 3 weeks ago by neme@lemm.ee to c/linux@programming.dev
you are viewing a single comment's thread
view the rest of the comments
[-] Kissaki@programming.dev 2 points 3 weeks ago

we should just write the code how it should be

Notably, that's not what he says. He didn't say in general. He said "for once, [after this already long discussion], let's push back here". (Literally "this time we push back")

who need a secure OS (all of them) will opt to not use Linux if it doesn’t plug these holes

I'm not so sure about that. He's making a fair assessment. These are very intricate attack vectors. Security assessment is risk assessment either way. Whether you're weighing a significant performance loss against low risk potentially high impact attack vectors or assess the risk directly doesn't make that much of a difference.

These are so intricate and unlikely to occur, with other firmware patches in line, or alternative hardware, that there's alternative options and acceptable risk.

this post was submitted on 22 Oct 2024
227 points (100.0% liked)

Linux

5230 readers
149 users here now

A community for everything relating to the linux operating system

Also check out !linux_memes@programming.dev

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 1 year ago
MODERATORS