Re: security in testing

To: debian-devel@lists.debian.org
Subject: Re: security in testing
From: Matt Zimmerman <mdz@debian.org>
Date: Wed, 14 May 2003 17:36:01 -0400
Message-id: <[🔎] 20030514213601.GS13945@alcor.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 1F31E8A0-864E-11D7-84D2-003065F97418@leishman.org>
References: <[🔎] 20030514190217.GP13945@alcor.net> <[🔎] 1F31E8A0-864E-11D7-84D2-003065F97418@leishman.org>

On Wed, May 14, 2003 at 11:53:31PM +0300, Chris Leishman wrote:

> Then people can bitch and moan about package X not being available and 
> can do something to fix it (eg. finally start doing security updates 
> for testing).  Or they can just put up with it.  But either way, their 
> box wont be a honey pot.

Removing a package from the archive is not very useful as a security
measure.  Most users who want the package will already have it installed,
and it is those users who are most exposed.  It's not unusual for a
vulnerability to exist for a long time before it is discovered, during which
time a large number of users will have installed it.

-- 
 - mdz

Reply to:

Follow-Ups:
- Re: security in testing
  - From: Chris Leishman <masklin@debian.org>
- conflicts-based solution (was Re: security in testing)
  - From: Joey Hess <joeyh@debian.org>

References:
- Re: security in testing
  - From: Matt Zimmerman <mdz@debian.org>
- Re: security in testing
  - From: Chris Leishman <chris@leishman.org>

Prev by Date: Re: security in testing
Next by Date: Re: Returning from "vacation". (MIA?)
Previous by thread: Re: security in testing
Next by thread: Re: security in testing
Index(es):
- Date
- Thread