• Kissaki@programming.dev
    link
    fedilink
    English
    arrow-up
    2
    ·
    2 months ago

    we should just write the code how it should be

    Notably, that’s not what he says. He didn’t say in general. He said “for once, [after this already long discussion], let’s push back here”. (Literally “this time we push back”)

    who need a secure OS (all of them) will opt to not use Linux if it doesn’t plug these holes

    I’m not so sure about that. He’s making a fair assessment. These are very intricate attack vectors. Security assessment is risk assessment either way. Whether you’re weighing a significant performance loss against low risk potentially high impact attack vectors or assess the risk directly doesn’t make that much of a difference.

    These are so intricate and unlikely to occur, with other firmware patches in line, or alternative hardware, that there’s alternative options and acceptable risk.