So by that logic, it is unfair to criticise flash and or Java as Windows security issues?
It seems like Linux people want to shift the definition of "Linux" between only the kernel and the entire OS when it is convenient. In this case we're shifting down the definition to "kernel only" so we can avoid talking about Linux (the OS's) potential security issues.
Heartbleed and Shellshock are Linux (OS) issues. Just because that same software may ship on BSD and OS X is entirely irrelevant. Linux was still by far the largest target (just like Windows is the largest target of cross-platform Java vulnerabilities).
Linux as a kernel is pretty freaking secure. Linux as an OS has a lot of issues, and many (most?) popular distributions are a large part of why (e.g. SELinux is often disabled by default and a lot of packages are incompatible, a lot of services run as root by default, a lot of packages are installed by default (not the minimum), etc).
> So by that logic, it is unfair to criticise flash and or Java as Windows security issues?
Uh, yes. They are not Windows security issues.
> Heartbleed and Shellshock are Linux (OS) issues.
No they were not. Run OpenSSL on Windows and you were just as vulnerable to Heartbleed, same as if you ran bash as a CGI service on Windows, or OSX or BSD or VMS or ...
> shift the definition of "Linux" between only the kernel and the entire OS when it is convenient.
No they don't, Linux the OS makes sense in some circumstances, not in others, this is one of those times where it doesn't since we're talking specifically about Linus' work.
It seems like Linux people want to shift the definition of "Linux" between only the kernel and the entire OS when it is convenient. In this case we're shifting down the definition to "kernel only" so we can avoid talking about Linux (the OS's) potential security issues.
Heartbleed and Shellshock are Linux (OS) issues. Just because that same software may ship on BSD and OS X is entirely irrelevant. Linux was still by far the largest target (just like Windows is the largest target of cross-platform Java vulnerabilities).
Linux as a kernel is pretty freaking secure. Linux as an OS has a lot of issues, and many (most?) popular distributions are a large part of why (e.g. SELinux is often disabled by default and a lot of packages are incompatible, a lot of services run as root by default, a lot of packages are installed by default (not the minimum), etc).