While Linus Torvalds is the main figurehead for the Linux kernel, there are of course countless other individuals contributing to the Linux kernel – some more than others. A contributor of key importance is Andrew Morton, maintainer of the -mm tree. Since changes in how Morton handles things are on the horizon, LWN.net sent Morton a few questions.Andrew Morton really likes the idea of possibly having a bugfix-only release of the Linux kernel, a release where no new features are added, but is entirely focussed on finding and fixing bugs.
I do think that it would be nice to have a bugfix-only kernel release. One which is loudly publicised and during which we encourage everyone to send us their bug reports and we’ll spend a couple of months doing nothing else but try to fix them. I haven’t pushed this much at all, but it would be interesting to try it once. If it is beneficial, we can do it again some other time.”
Morton also says it is hard to determine whether the quality of the code in the Linux kernel is declining, because it is hard to tell what the ratio is between the fixing of bugs, and the introduction of bugs. When it comes to security issues, Morton believes many people are overstating the security issues in the Linux kernel.
I have the impression that most of our “security holes” are bugs in ancient crufty old code, mainly drivers, which nobody runs and which nobody even loads. So most metrics and measurements on kernel security holes are, I believe, misleading and unuseful.
Those security-affecting bugs in the core kernel which affect all kernel users are rare, simply because so much attention and work gets devoted to the core kernel. This is why the recent splice bug was such a surprise and head-slapper.
There is a lot of other interesting stuff in the review, so be sure to hop by LWN.net.