Re: woody release task needs help: package priorities
Previously Tollef Fog Heen wrote:
> You are assuming that talkd have buffer overflows, but you have no
> proof of it. And talk is rwxr-xr-x, so what would you win by an
> overflow on a local host? And I doubt that there are many bugs in a
> daemon which is less than 10k big.
Security works the other way around: assumed vulnerable until proven
otherwise. And for any non-trivial program proof is impossible, so
the best we can do is limit the risks.
/ Nothing is fool-proof to a sufficiently talented fool \
| firstname.lastname@example.org http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |