
Re: The New Security Build Infrastructure

Stephen Frost wrote:

> * Scott James Remnant (scott@netsplit.com) wrote:
> > > It's pretty simple really.  You're going to find out at the same time
> > > either way, it's just that in the first case there will be a package
> > > ready when you find out and in the second case there won't be and you'll
> > > have to wait for one.
> > > 
> > > So, which would you prefer, for there to be a package ready when you
> > > find out, or for there to not be one?
> > > 
> > From a user point of view, the latter.  I'd rather pull a service down
> > because of an exploit, and wait for a package than to not know about an
> > exploit for one of my systems.
> No, you don't understand.  The user is going to find out *at the same
> time*.  At the time the user finds out there can either be a package
> ready, or not.  I don't believe any user would pick not.
Most users who care about their machines getting hacked tend to read
things like CERT and Bugtraq.

Think "ISP" as an example user.

Scott James Remnant     Have you ever, ever felt like this?  Had strange
http://netsplit.com/      things happen?  Are you going round the twist?
