At the Register: Linus Torvalds on security: ‘Do no harm, don’t break users‘ By Simon Sharwood — “Fixing for the sake of security alone means ‘all your work was just masturbation’“
Torvalds was angry that developers wanted to kill dangerous processes in Linux, a measure that would have removed potential problems but done so in ways that users may not have enjoyed.
His long post on the matter suggested to security practitioners that “’Do no harm’ should be your mantra for any new hardening work.”
“And that ‘do no harm’ may feel antithetical to the whole point,” Torvalds adedd. “You go ‘but that doesn’t work – then the bug still exists.’ But remember – keep your eye on the endpoint, and that this is just the first step. You need to not piss off users, and you need to not piss of developers.”
Torvalds’ post explained his view that “… the number one rule of kernel development is that ‘we don’t break users’.”
“Because without users, your program is pointless, and all the development work you’ve done over decades is pointless.”
This is a story about the ‘big picture’ and understanding the reason for your efforts. Linus appears to have a good grip on this and that may be a major factor in why Linux is as popular as it is.