Re: security in testing

To: debian-devel@lists.debian.org
Subject: Re: security in testing
From: Chris Leishman <masklin@debian.org>
Date: Thu, 15 May 2003 01:10:18 +0300
Message-id: <[🔎] D8F0EF48-8658-11D7-84D2-003065F97418@debian.org>
In-reply-to: <[🔎] 20030514213601.GS13945@alcor.net>


On Thursday, May 15, 2003, at 12:36 AM, Matt Zimmerman wrote:
<snip>

Removing a package from the archive is not very useful as a security
measure. Most users who want the package will already have itinstalled,
and it is those users who are most exposed.  It's not unusual for a
vulnerability to exist for a long time before it is discovered, duringwhich
time a large number of users will have installed it.

So perhaps the replacement is a better way of doing it. Then thequestion is whether you replace it with a dummy empty one, or aessentially identical working one, except containing a very loudwarning.


--
Chris

Reply to:

Follow-Ups:
- Re: security in testing
  - From: Matt Zimmerman <mdz@debian.org>

References:
- Re: security in testing
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Re: security in testing
Next by Date: Re: security in testing
Previous by thread: Re: security in testing
Next by thread: Re: security in testing
Index(es):
- Date
- Thread