by bobthebuilders 1561 days ago
You have it the wrong way around. Tagging the release as security allows nation-state level attackers with large budgets to investigate the fixes, while normal people have to wait for patches. This gives nation-state level attackers with large budgets a heads-up, making it worse for everyone else. Furthermore, nation-state level attacks with large budgets are more focused on offense than defense.

This comment is totally baseless. Anyone who does Linux kernel exploit development knows how to crawl the commit log or syzkaller.
I'm sorry, but I'm not a nation-state. I wish I was though.