Re: [POSSIBLE GRAVE SECURITY HOLD]
- To: Michel LESPINASSE <walken@windriver.com>
- Cc: Thomas Quinot <thomas@debian.org>, Ruud de Rooij <ruud@ruud.org>, Joseph Carter <knghtbrd@debian.org>, Martijn van Oosterhout <kleptog@cupid.suninternet.com>, Samuel Tardieu <sam@debian.org>, Adam Di Carlo <adam@onshore.com>, "Huneycutt, Doug" <doug.huneycutt@lmco.com>, 56821@bugs.debian.org, pb@enst.fr, quinot@enst.fr, debian-devel@lists.debian.org
- Subject: Re: [POSSIBLE GRAVE SECURITY HOLD]
- From: Thomas Quinot <quinot@email.enst.fr>
- Date: Wed, 2 Feb 2000 17:18:06 +0100
- Message-id: <20000202171806.C29101@lantier.enst.fr>
- Reply-to: quinot@inf.enst.fr
- In-reply-to: <Pine.GSO.3.96.1000202160719.26748O-100000@ille>; from walken@windriver.com on Wed, Feb 02, 2000 at 05:05:13PM +0000
- References: <20000202151024.A3765@cuivre.fr.eu.org> <Pine.GSO.3.96.1000202160719.26748O-100000@ille>
Le 2000-02-02, Michel LESPINASSE écrivait :
> However, I think Thomas is wrong to blame mbr and debian for his security
> breach...
I am not blaming mbr, which does exactly what it was written for.
I am questioning the usefulness of introducing a new, peculiar behaviour
that augments the vulnerability of the system, and I blame boot-floppies
for not documenting the fact that this peculiar behaviour is the
system default.
> switching from debian to something else seems dubious... (and I feel that
> debian is doing a good job on security compared to other distros).
I was thinking so too.
> I would be very tempted to mock you for your "I wont use your software if
> you dont agree with me" argument if you were not a debian developper
> yourself :)
The fact that I am a Debian developer has no relevance to the fact
that I am reluctant to use and promote the use of a Linux distribution
wherein an important security concern is not given cosideration.
Thomas.
--
Thomas Quinot ** Département Informatique & Réseaux ** quinot@inf.enst.fr
ENST // 46 rue Barrault // 75634 PARIS CEDEX 13
Reply to: