Re: netscape security hole
sorry, I wanted to post it to the list. So previous email went to you
On Thu, Aug 10, 2000 at 01:56:18PM -0400, Mike Werner wrote:
> > You are wrong. apt-get is: package handling utility. It is not Debian-Linux
> > installer. You can *add* any deb packages to your Debian GNU/Linux by
> > using apt and its configuration files.
> > It is still far away of that package existing in Debian Distribution.
> By your reasoning damn near *nothing* exists as part of Debian, then. How
> much of the software available via apt-get is actually written by the Debian
> team? Maybe 5%? The rest is software that has been *packaged* in deb
> format, but written by someone else. So now I'm curious as to just what it
> takes to be considered to exist as part of Debian?
Please read the Debian Social Contract policy:
If you want to see which packages do exist in Debian, refer to:
Anything what is not there, isn't part of Debian.
> > And regarding that security bug - well, ipchains and other tools do exist
> > on Debian.
> But how can they exist in Debian? They weren't written by the Debian team.
> They were just packaged by the Debian team, just like Netscape was. And if
> Netscape doesn't exist in Debian, then ipchains can't exist either.
Debian is kind of free-OS, with strong points on security as well.
If Netscape *would* exist in Debian, you would almost immediately find the
security alert on Debian site, first page.
> > Therefore is that bug purely in Netscape.
> This is pure pedantic twaddle. If a bug in a package that is made available
> for installation by a distribution creates a security hole, then the
> distribution has a security hole. If we go by your reasoning that security
> holes in packages are purely a problem with that package and not with the
> distribution, then a distribution can *never* be said to have a security
I am not sure if you follow. Netscape isn't part of Debian. You have to
get Netscape from third party company.
It is up on you as system administrator to know what kind of software you
install on computer anyway.
Debian isn't vulnerable to that bug in Java.