Re: Linux 2.0.36 in slink?
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Oscar" == Oscar Levi <email@example.com> writes:
Oscar> On Wed, Dec 16, 1998 at 11:29:49AM -0800, Joey Hess wrote:
>> Oscar Levi wrote:
>> > My software development experience says we should stop making changes
>> > except for release critical 'bugs'. We need to be done with slink.
>> A kernel with security holes _is_ a release critical bug.
Oscar> Not necessarily true. A crash bug that affects 1 out of
Oscar> 10000 runs of a program is not release critical. A
Oscar> security hole, in of itself, is not a release critical bug.
Oscar> I ship shrink-wrapped software for a living--part of a
Oscar> living. All software has bugs. I ship on using concrete
Oscar> criteria and I ship software with known bugs when the cost
Oscar> of fixing it is greater than the value.
*PLEASE* keep this shit out of Debian! In one job, I once found a bug
in some package... my supervisor just went: "Yes, I know... but there
are no customer complaints." So we didn't fix it... the cost of
fixing is *always* greater than the value in this case.
Oscar> I admin machines for a living--part of a living. Believe
Oscar> it or not, most folks are unconcerned about security. How
Oscar> do we know? They run Windows NT servers and attach them to
Oscar> the Internet. But seriously folks, it isn't really a
Oscar> concern for most of them since they've never experienced
Most people don't do backups... so we don't need backup software?
The seriousness of a security hole depends on three things: how easy
it is to exploit, how many access rights can be gotten through
it... and how important the work on the machine is.
Jürgen A. Erhard eMail: firstname.lastname@example.org phone: (GERMANY) 0721 27326
GTK - Free X Toolkit (http://www.gtk.org)
"Windows NT" is an acronym for "Windows? No thanks." -- Russ McManus
-----BEGIN PGP SIGNATURE-----
Comment: Processed by Mailcrypt 3.5.1, an Emacs/PGP interface
-----END PGP SIGNATURE-----