Get off my lawn
There’s been a lot of grumbling on the discovery to the communication and fixing. Greg shared his concerns in a blog post: “As for how this was all handled by the companies involved, well this could be described as a textbook example of how NOT to interact with the Linux kernel community properly. The people and companies involved know what happened, and I’m sure it will all come out eventually, but right now we need to focus on fixing the issues involved, and not pointing blame, no matter how much we want to.”
Linus Torvalds was annoyed at Intel’s attempt to pitch the vulnerability as a feature with an optional flag to disable it. “All of this is pure garbage. Is Intel really planning on making this s**t architectural?” Yet not everyone’s happy with the Linux kernel’s handling of the situation, either. Grsecurity’s Brad Spengler said, “I think it points to either a massive lack of investment in security on behalf of the billion dollar companies involved in Linux, failure to retain the necessary talent, or a combination of both, that we seem to be the only ones doing this work, let alone without the benefit of months of advance notice in private.”
And spare a thought for the *BSD camp, that was left scrambling for a solution. “We have received no non-public information. I’ve seen posts elsewhere by other *BSD people implying that they receive little or no prior warning, so I have no reason to believe this was specific to OpenBSD and/or our philosophy. Personally, I do find it....amusing?”, wrote OpenBSD’s Philip Guenther.