
Re: Linux 2.0.36 in slink?



-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Oscar" == Oscar Levi <elf@buici.com> writes:

    Oscar> On Wed, Dec 16, 1998 at 11:29:49AM -0800, Joey Hess wrote:
    >> Oscar Levi wrote:
    >> > My software development experience says we should stop making changes
    >> > except for release critical 'bugs'.  We need to be done with slink.
    >> 
    >> A kernel with security holes _is_ a release critical bug.

    Oscar> Not necessarily true.  A crash bug that affects 1 out of
    Oscar> 10000 runs of a program is not release critical.  A
    Oscar> security hole, in and of itself, is not a release critical bug.
    Oscar> I ship shrink-wrapped software for a living--part of a
    Oscar> living.  All software has bugs.  I ship on using concrete
    Oscar> criteria and I ship software with known bugs when the cost
    Oscar> of fixing it is greater than the value.

*PLEASE* keep this shit out of Debian!  In one job, I once found a bug
in some package... my supervisor just went: "Yes, I know... but there
are no customer complaints."  So we didn't fix it... the cost of
fixing is *always* greater than the value in this case.

    Oscar> I admin machines for a living--part of a living.  Believe
    Oscar> it or not, most folks are unconcerned about security.  How
    Oscar> do we know?  They run Windows NT servers and attach them to
    Oscar> the Internet.  But seriously folks, it isn't really a
    Oscar> concern for most of them since they've never experienced
    Oscar> intrusion.

Most people don't do backups... so we don't need backup software?

The seriousness of a security hole depends on three things: how easy
it is to exploit, how many access rights can be gotten through
it... and how important the work on the machine is.

Bye, J

- -- 
Jürgen A. Erhard     eMail: jae@ilk.de     phone: (GERMANY) 0721 27326
   MARS: http://members.tripod.com/~Juergen_Erhard/mars_index.html
	      GTK - Free X Toolkit (http://www.gtk.org)
 "Windows NT" is an acronym for "Windows? No thanks." -- Russ McManus


