
Re: Bug#2655: ld.so includes header file, clashes with old libc



Raul Miller (borrowing Bruce Perens' mail headers):
 > I didn't claim that WWW transactions were secure.  I claimed that
 > SMTP transactions were no more secure than WWW transactions.  All
 > you really have to go on (aside from message content) is the
 > machine that talked to you.

I should probably expand on this.  It's an important topic.

The most important aspect in a robust and secure system is a continual
flow of [interesting] information to the relevant people.  That way,
when something goes awry, people can see that and act to correct it.

Cryptographic mechanisms are mere bells and whistles in this context.
Useful, but only a fraction of a real security implementation.

In the particular case we're dealing with (bug tracking), the
important issue is that the package maintainer be informed of status
changes on his or her packages.  This can happen by email,
regardless of how the changes get into the system.  And, with only a
little bit of support (journaling) it can be made robust enough for a
changing multi-developer and part-time effort.

Basically, what we really want are sanity checks.  Sanity checks allow
a responsible person to take action before things fly apart.

-- 
Raul


