Re: woody release task needs help: package priorities

To: debian-boot@lists.debian.org, debian-devel@lists.debian.org
Subject: Re: woody release task needs help: package priorities
From: Michael Stone <mstone@debian.org>
Date: Tue, 15 May 2001 09:34:41 -0400
Message-id: <[🔎] 20010515093441.C15731@justice.loyola.edu>
Mail-followup-to: debian-boot@lists.debian.org, debian-devel@lists.debian.org
In-reply-to: <[🔎] 3B012859.8C3BB746@cs.bilkent.edu.tr>; from erayo@cs.bilkent.edu.tr on Tue, May 15, 2001 at 04:00:09PM +0300
References: <[🔎] oak83n6md6.fsf@arroz.fake> <[🔎] 20010512113330.A9975@shockwave.wavekind.bofh-crew.de> <[🔎] 87heyqhljy.fsf@arabella.intern.opera.no> <[🔎] 20010514081429.Z15731@justice.loyola.edu> <[🔎] 87ofswul2y.fsf@arabella.intern.opera.no> <[🔎] 3B012859.8C3BB746@cs.bilkent.edu.tr>

On Tue, May 15, 2001 at 04:00:09PM +0300, Eray Ozkural (exa) wrote:
> I sometimes have the feeling that too much security is breaking many
> convenient features. It would be wrong to put in a program with known
> vulnerabilities, but except that I don't see why you would want to
> remove useful small programs.

Because the vast majority of users probably don't care about all the
possible features (and many don't even know they exist/are active) are
are needlessly exposed to an avoidable security risk. Time and again
we've seen programs, even those originally designed as secure
alternatives, exploited by holes discovered years after they were first
released. The *only* practical way to prevent this is to not run
external services unless they're really required. Unless you care to
come up with a proof of correctness...

Didn't think so.

-- 
Mike Stone

Reply to:

References:
- woody release task needs help: package priorities
  - From: Adam Di Carlo <adam@onshore.com>
- Re: woody release task needs help: package priorities
  - From: Bastian Blank <waldi@debian.org>
- Re: woody release task needs help: package priorities
  - From: Tollef Fog Heen <tollef@add.no>
- Re: woody release task needs help: package priorities
  - From: Michael Stone <mstone@debian.org>
- Re: woody release task needs help: package priorities
  - From: Tollef Fog Heen <tollef@add.no>
- Re: woody release task needs help: package priorities
  - From: "Eray Ozkural \(exa\)" <erayo@cs.bilkent.edu.tr>

Prev by Date: Re: Undefined symbol __tic (possibly GL related?)
Next by Date: Re: testing: apache b0rked again
Previous by thread: Re: woody release task needs help: package priorities
Next by thread: Re: woody release task needs help: package priorities
Index(es):
- Date
- Thread