It’s about linux kernel security… but also about Linus Torvalds and the warranty that comes with the linux kernel. I really suggest you read it.
There are three main themes in the article:
- first: the linux kernel “warranty”
- second: concerns about the kernel security
- third: the way Linus Torvalds behaves towards contributors
From my perspective they are reported in a way that describes open-source software as insecure and led by despotic leaders, making the linux kernel an example of that. I don’t believe this is true, and making assumptions like that is far too generic an approach to the problem of secure software.
The first point seems somehow misinterpreted. The article seems to imply that those who contribute to and build the linux kernel should be legally responsible for it, when it’s clearly stated that it comes with no warranty. The linux kernel has always been open-source and free for anyone to use or modify.
Making open-source software the base of your company is a choice. With that choice, as with using closed-source software, comes a trade-off. Usually with closed-source software you are outsourcing knowledge of how something works. With open-source software you are betting on the opposite: you will always have access to the code you use.
I see advantages on both sides. With closed-source software you don’t need to have people in house, you can have external support, etc. With open-source software you don’t have any fee, and you can get help from a community or hire people who already know the software.
It’s just a trade-off. Linux is in a lot of servers and devices today because it was chosen for those tasks over other systems. Its copyright and warranty are just another way of releasing software. They don’t make linux less secure.
The second argument is the core argument of the article and it is very important and should be taken into consideration.
I would really like to see big companies using linux contribute to producing a viable hardened linux kernel. But my guess is that they are hardening their systems instead of the kernel, as suggested by Torvalds, because it’s way simpler and less costly*, making sure that reaching the kernel or taking complete control of a machine is very, very difficult.
The third point is something that polarizes the linux community and the open-source community at large (or at least the part that I know).
I don’t like the way Torvalds sometimes answers people, and I think that being the lead of a big (the biggest?) open-source project is not an excuse. I can easily name leaders of big open-source projects whom I’ve never seen answering the way Torvalds sometimes does. It’s a shame, because it drives people away from a project that is the base of linux and the open-source ecosystem.
* Let’s stay positive and avoid conspiracy theories 🙂