On Fri, Mar 26, 2004 at 02:10:19PM +1030, Paul Shirren wrote:
> Anthony Towns wrote:
> > Not really; it's certainly true in some cases -- we don't do security
> > support for unreleased distributions (testing, unstable or experimental),
> It is annoying because I couldn't bear to use stable beyond its use as
> an installer. I don't think I am the only one.
> It would be nice if there was more security info on Sid.

Sure. 100% agreed.

> Still, I think Debian security works pretty well overall.

Sure, so do I.

> > so there are definitely vulnerabilities left in some of those packages;
> > and I'm sure in some cases those packages get dropped rather than patched.
> I appreciate your honesty, but you are scaring me.

That's one of the benefits of free-as-in-beer free software, I get to
admit to problems rather than worrying about finding some way to put a
good spin on them, or trying to take the critics down a peg or three.

And especially wrt security you _should_ be scared; people who are
confident about their security end up like OpenBSD -- specifically
targeted to take them down a peg or two, in spite of world's best
practice measures -- or like Microsoft -- ending up with architectural
vulnerabilities due to a culture of indifference and inexperience with
security issues, that takes significant redevelopment to fix.

Well, perhaps you might choose to be "alert, not alarmed" instead of
just plain scared, if you prefer.

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

Linux.conf.au 2004 -- Because we could.
http://conf.linux.org.au/ -- Jan 12-17, 2004