Re: security in testing
On Wed, May 14, 2003 at 11:53:31PM +0300, Chris Leishman wrote:
> Then people can bitch and moan about package X not being available and
> can do something to fix it (eg. finally start doing security updates
> for testing). Or they can just put up with it. But either way, their
> box wont be a honey pot.
Removing a package from the archive is not very useful as a security
measure. Most users who want the package will already have it installed,
and it is those users who are most exposed. It's not unusual for a
vulnerability to exist for a long time before it is discovered, during which
time a large number of users will have installed it.
--
- mdz
Reply to: