Re: woody release task needs help: package priorities

To: debian-devel@lists.debian.org, debian-boot@lists.debian.org
Subject: Re: woody release task needs help: package priorities
From: Wichert Akkerman <wichert@valinux.com>
Date: Tue, 15 May 2001 17:43:25 +0200
Message-id: <[🔎] 20010515174325.D18174@cistron.nl>
Mail-followup-to: debian-devel@lists.debian.org, debian-boot@lists.debian.org
In-reply-to: <[🔎] 87pudan0tm.fsf@arabella.intern.opera.no>; from tollef@add.no on Tue, May 15, 2001 at 04:28:37PM +0200
References: <[🔎] OF7805CC80.501809D3-ON86256A4D.004A6FDA@norlight.com> <[🔎] 87pudan0tm.fsf@arabella.intern.opera.no>

Previously Tollef Fog Heen wrote:
> You are assuming that talkd have buffer overflows, but you have no
> proof of it.  And talk is rwxr-xr-x, so what would you win by an
> overflow on a local host?  And I doubt that there are many bugs in a
> daemon which is less than 10k big.

Security works the other way around: assumed vulnerable until proven
otherwise. And for any non-trivial program proof is impossible, so
the best we can do is limit the risks.

Wichert.

-- 
  _________________________________________________________________
 /       Nothing is fool-proof to a sufficiently talented fool     \
| wichert@cistron.nl                  http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |

Reply to:

References:
- Re: woody release task needs help: package priorities
  - From: "Vince Mulhollon" <vlm@norlight.com>
- Re: woody release task needs help: package priorities
  - From: Tollef Fog Heen <tollef@add.no>

Prev by Date: Re: What's wrong with wmaker and wmaker-plain?
Next by Date: Re: debbugs can now send bug mails to someone different than the maintainer
Previous by thread: Re: woody release task needs help: package priorities
Next by thread: Re: woody release task needs help: package priorities
Index(es):
- Date
- Thread