Re: netscape security hole

To: debian-user@lists.debian.org
Subject: Re: netscape security hole
From: Marko Cehaja <marko@perlbroker.2y.net>
Date: Thu, 10 Aug 2000 20:05:35 +0200
Message-id: <20000810200535.D11661@perlbroker.2y.net>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <20000810135618.C21422@localnet.here>; from reznaeous@earthlink.net on Thu, Aug 10, 2000 at 01:56:18PM -0400
References: <Pine.LNX.4.21.0008081736260.3748-100000@tinuviel.cs.wcu.edu> <Pine.LNX.4.21.0008081808500.1527-100000@tux.creighton.edu> <20000810180211.B9747@perlbroker.2y.net> <20000810102144.F19148@ix.netcom.com> <20000810193602.I9747@perlbroker.2y.net> <20000810134123.B21422@localnet.here> <20000810194617.A11556@perlbroker.2y.net> <20000810135618.C21422@localnet.here>

Dear

sorry, I wanted to post it to the list. So previous email went to you
privately.

On Thu, Aug 10, 2000 at 01:56:18PM -0400, Mike Werner wrote:
> > 
> > You are wrong. apt-get is: package handling utility. It is not Debian-Linux
> > installer. You can *add* any deb packages to your Debian GNU/Linux by
> > using apt and its configuration files.
> > 
> > It is still far away of that package existing in Debian Distribution.
> 
> By your reasoning damn near *nothing* exists as part of Debian, then.  How
> much of the software available via apt-get is actually written by the Debian
> team?  Maybe 5%?  The rest is software that has been *packaged* in deb
> format, but written by someone else.  So now I'm curious as to just what it
> takes to be considered to exist as part of Debian?

Please read the Debian Social Contract policy:
http://www.debian.org/social_contract

If you want to see which packages do exist in Debian, refer to:
http://www.debian.org/distrib/packages

Anything what is not there, isn't part of Debian.

> > And regarding that security bug - well, ipchains and other tools do exist
> > on Debian.
> 
> But how can they exist in Debian?  They weren't written by the Debian team. 
> They were just packaged by the Debian team, just like Netscape was.  And if
> Netscape doesn't exist in Debian, then ipchains can't exist either.

Debian is kind of free-OS, with strong points on security as well. 
If Netscape *would* exist in Debian, you would almost immediately find the
security alert on Debian site, first page.

> 
> > Therefore is that bug purely in Netscape.
> 
> This is pure pedantic twaddle.  If a bug in a package that is made available
> for installation by a distribution creates a security hole, then the
> distribution has a security hole.  If we go by your reasoning that security
> holes in packages are purely a problem with that package and not with the
> distribution, then a distribution can *never* be said to have a security
> hole.

I am not sure if you follow. Netscape isn't part of Debian. You have to
get Netscape from third party company.

It is up on you as system administrator to know what kind of software you
install on computer anyway. 

Debian isn't vulnerable to that bug in Java.

Sincerely,
Marko Cehaja

Reply to:

Follow-Ups:
- Re: netscape security hole
  - From: Mike Werner <reznaeous@earthlink.net>
- Re: netscape security hole
  - From: Sven Burgener <svenb@bluewin.ch>

References:
- netscape security hole
  - From: David Teague <dbt@tinuviel.cs.wcu.edu>
- Re: netscape security hole
  - From: Phil Brutsche <pbrutsch@tux.creighton.edu>
- Re: netscape security hole
  - From: Marko Cehaja <marko@perlbroker.2y.net>
- Re: netscape security hole
  - From: kmself@ix.netcom.com
- Re: netscape security hole
  - From: Marko Cehaja <marko@perlbroker.2y.net>
- Re: netscape security hole
  - From: Mike Werner <reznaeous@earthlink.net>

Prev by Date: Re: /etc/environment
Next by Date: Re: Debian ISO
Previous by thread: Re: netscape security hole
Next by thread: Re: netscape security hole
Index(es):
- Date
- Thread