The founder of Linux explains why he's not thinking about the next 10 years of Linux and why security is all about finding bugs.
SEATTLE—At the annual LinuxCon event here, Linux
creator Linus Torvalds revealed how he thinks about security. Torvalds
was onstage with Linux Foundation Executive Director Jim Zemlin, who
asked the Linux founder how he feels about being the boss of Linux.
"I love open source and how all the credit comes to me," Torvalds said. "Realistically though, I only have the power to say no."
Zemlin asked Torvalds how he sees security in Linux, which is a topic of
increasing concern with multiple high-profile open-source
vulnerabilities in the last year, including the Heartbleed and
Shellshock flaws.
Torvalds said he's sometimes at odds with the security community. In his
view, many in the security community only see issues as black and
white, right or wrong.
"What I see is that security is bugs," Torvalds said. "Most of
the security issues we've had in the kernel have been just completely
stupid bugs that nobody really would have thought of as security issues
normally, except that some clever person is able to take advantage of
it."
Torvalds stressed that it is never possible to be entirely rid
of bugs in software and that some bugs will, in fact, be security
issues. Given that bugs are inevitable, Torvalds said that security will
never be perfect in Linux.
That said, Torvalds emphasized that, in the Linux kernel, the community
is very careful and has strict standards on how to get code into the
kernel.
"The only real solution to security is to admit that bugs happen,"
Torvalds said, "and then mitigate them by having multiple layers, so if
you have a hole in one component, the next layer will catch the issue."
Torvalds added, "Anyone that thinks that we'll be entirely secure is just not realistic; we'll always have issues."
Zemlin also asked Torvalds about Docker containers, a hot topic at
LinuxCon and in the broader technology community in 2015. Torvalds said he
doesn't really think much about containers, as the Linux kernel tends to
be fairly far removed from buzzwords.
"We're an infrastructure play, and I only care about how people use the kernel," Torvalds said.
Torvalds also talked about the emerging world of the Internet of things
(IoT), where Linux is a major player today on embedded systems. A key
concern about Linux on IoT devices, however, is the growing size of the
Linux kernel.
"We're trying to be a lean-and-mean IoT machine," Torvalds said. "But it's always hard to get rid of unnecessary fat."
Realistically, the Linux kernel will not shrink down to the size it was
20 years ago, but it can still shrink to a certain degree, Torvalds
said. "But if you do want to look at really small devices, you might
need to look at other alternatives," he said.
Source: eWEEK