
Re: Updating scanners and filters in Debian stable (3.1)



Stephen Gran <sgran@debian.org> writes:

> I thought that 'issues related to the development of debian' was on topic
> for this list.  It is not at all clear to me that this is a security
> issue, because outdated A/V software usually does not place the server
> it runs on at risk for compromise.  

We have been told that:

1) Outdated A/V software must be upgraded, because the upgrading is
   critical to the security of the machine that relies on it.
2) If it is not upgraded, then it is better not to have it at all.

Both of those seem to be true to me of, say:

A) Outdated ssh binaries must be upgraded, because the upgrading is
   critical to the security of the machine that relies on them.
B) If they are not upgraded, then it is better not to have them at
   all.

Now in the case of ssh, we have set up a special security archive to
deal with the case.

I think (1) is true, and I think both (A) and (B) are true.  I am not
sure about (2), but I do understand why people are arguing for it.  If
they are correct, then it seems to me that the security archive is
already an excellent place for the updates.

Thomas


