Re: Package descriptions/ITPs [Was: Bug#148319: ITP: unreal-ircd]
On Tue, 2002-05-28 at 19:53, Andrew Suffield wrote:
> In general I would suggest that people should avoid making any
> comments about stability/quality in package descriptions; try to keep
> them objective and opinion-free, please.
Maybe the software has been specifically designed from the ground up to
be secure?
Maybe it does not use C or C++ and buffer overruns are impossible?
Maybe it does not create temporary files, so those exploits are
impossible?
(These seem to be the 2 most common reasons for security holes lately.)
> [1] All software has security holes. Without exception.
Really? *All* Software?
Spot the security holes:
--- CUT ---
#include <stdio.h>
int main() {
    printf("Hello World\n");
    return(0);
}
--- CUT ---
--
Brian May <bam@snoopy.apana.org.au>