Torvalds Hits Security, OpenBSD Developers In E-mail Flame

An e-mail from Linux creator Linus Torvalds taking developers to task for trumpeting their successes in fixing security bugs has created a dustup in the open-source development community.

Torvalds' message, sent to the Gmane Linux kernel mailing list on Tuesday, refers to "the whole security circus" and particularly takes developers of the OpenBSD operating system to task, referring to them as "a bunch of masturbating monkeys."

The e-mail was part of an exchange across the Gmane mailing list involving a developer for Pax, the community that provides security patches for the Linux kernel concerning the impact of security bugs in the kernel and whether they should be labeled security flaws.

"So far as I'm concerned, 'disclosing' is the fixing of the bug," Torvalds wrote about the issue. "It's the 'look at the source' approach."

He went on to write: "One reason I refuse to bother with the whole security circus is that I think it glorifies " and thus encourages " the wrong behavior. It makes 'heroes' out of security people, as if the people who don't (sic) just fix normal bugs aren't as important."

"In fact, all the boring normal bugs are way more important, just because there's a lot more of them," Torvalds wrote. "I don't think some spectacular security hole should be glorified or cared about as being any more 'special' than a random spectacular crash due to bad locking."

"Security people are often the black-and-white kind of people that I can't stand," he said in the e-mail. "I think the OpenBSD crowd is a bunch of masturbating monkeys, in that they make such a big deal about concentrating on security to the point where they pretty much admit that nothing else matters to them. To me, security is important. But it's no less important than everything *else* that is also important."