Re: Linux 2.0.36 in slink?
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Oscar" == Oscar Levi <elf@buici.com> writes:
Oscar> On Wed, Dec 16, 1998 at 11:29:49AM -0800, Joey Hess wrote:
>> Oscar Levi wrote:
>> > My software development experience says we should stop making changes
>> > except for release critical 'bugs'. We need to be done with slink.
>>
>> A kernel with security holes _is_ a release critical bug.
Oscar> Not necessarily true. A crash bug that affects 1 out of
Oscar> 10000 runs of a program is not release critical. A
Oscar> security hole, in of itself, is not a release critical bug.
Oscar> I ship shrink-wrapped software for a living--part of a
Oscar> living. All software has bugs. I ship on using concrete
Oscar> criteria and I ship software with known bugs when the cost
Oscar> of fixing it is greater than the value.
*PLEASE* keep this shit out of Debian! In one job, I once found a bug
in some package... my supervisor just went: "Yes, I know... but there
are no customer complaints." So we didn't fix it... the cost of
fixing is *always* greater than the value in this case.
Oscar> I admin machines for a living--part of a living. Believe
Oscar> it or not, most folks are unconcerned about security. How
Oscar> do we know? They run Windows NT servers and attach them to
Oscar> the Internet. But seriously folks, it isn't really a
Oscar> concern for most of them since they've never experienced
Oscar> intrusion.
Most people don't do backups... so we don't need backup software?
The seriousness of a security hole depends on three things: how easy
it is to exploit, how many access rights can be gotten through
it... and how important the work on the machine is.
Bye, J
- --
Jürgen A. Erhard eMail: jae@ilk.de phone: (GERMANY) 0721 27326
MARS: http://members.tripod.com/~Juergen_Erhard/mars_index.html
GTK - Free X Toolkit (http://www.gtk.org)
"Windows NT" is an acronym for "Windows? No thanks." -- Russ McManus
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: Processed by Mailcrypt 3.5.1, an Emacs/PGP interface
iQEVAwUBNouq7AIG66LugGzRAQHIJwf/V9YMKWxPHg7WEBrtaa6uuBktCCbSaeS4
J5Ec1cpH8U6D4Sy5k0D8+eTWZQYRHowomXv6ilGwj+OT3ob7p7btyhdOA8psZvqI
rRG99fR3/a04/hILolA8EiGgjBqY84rVgPWuk23RNQImuAHWhKhSZYI1kjVxx3Zt
chyrgCdPlaQp0Ltuuz8ux9jqjtMBjbnK+7ehxSYh+FsHLADVJH1EC34eOaD3tp1l
4Wds1woACp8kM19f2Br+SKwFhfD/0dmaHJZntkBJpY0iuQ6zq13lTxPcOQIc4Twt
EsxlVqdiruavVhLm5OJAAK3SjoNfnwNV1sYQtUcaFV9lIx6H9qKI/A=Òop
-----END PGP SIGNATURE-----
Reply to: