Re: exec-shield (maybe ITP kernel-patch-exec-shield)

To: Peter Busser <peter@adamantix.org>
Cc: debian-devel@lists.debian.org
Subject: Re: exec-shield (maybe ITP kernel-patch-exec-shield)
From: Florent Rougon <f.rougon@free.fr>
Date: Fri, 28 Nov 2003 10:36:00 +0100
Message-id: <[🔎] 87r7zsygvz.fsf@florent.maison>
Mail-followup-to: Peter Busser <peter@adamantix.org>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 20031127135954.GA2371@adamantix.org> (Peter Busser's message of "Thu, 27 Nov 2003 14:59:54 +0100")
References: <[🔎] 20031121164140.GA23900@adamantix.org> <[🔎] 200311271126.50262.russell@coker.com.au> <[🔎] 20031127120603.GA1047@adamantix.org> <[🔎] 200311280034.54723.russell@coker.com.au> <[🔎] 20031127135954.GA2371@adamantix.org>

Peter Busser <peter@adamantix.org> wrote:

> In other words, there is no need for a seperate patch package in Adamantix.
> If I were to create and maintain such a package, it would be purely for the
> benefit of Debian.

[...]

> I think that I have already identified one area of mutual interest from the
> Adamantix point of view (see above). I think that mutual means that the effort
> comes from both sides. Therefore I am interested in hearing from you what this
> effort from Debian's side is going to be.
>
> But I suspect that the answer is going to be something like: Put a patch
> package in Debian and then, if you are really really really lucky, you might
> see some minimal reward for your effort. That is again expecting Adamantix to
> do work for Debian with nothing in return.

I am astounded at so much stupidity. The home page of your project
states that Adamantix is "A distribution mostly based on Debian woody,
but with some packages from testing and unstable".

You should try a reality check from time to time. If one of the projects
among Debian and Adamantix is indebted to the other one, it is quite
clearly Adamantix to Debian and not the other way round at the moment.

For me, it makes no doubt that you are far too dumb to assemble an
operating system that is as secure as advertised on the Adamantix home
page: it is clear that you are unable to audit all the code you
incorporated from Debian packages, including upstream code (be it skills
or time, most probably both). So, if a package you incorporated is
compromised, you are likely to be rooted. And for this to happen, it is
sufficient that a developer's machine be compromised. By not trying to
improve the security of most Debian installations (which you are doing
by refusing to cooperate to get PaX into Debian), you are doing nothing
to lower the probability of a developer's machine being compromised.

Yes, you are trying to get rooted, you and all Admantix users. That is
stupid.

A last one, just for fun:

  "The Adamantix project aims to create the most secure but usable Linux
   platform on this planet" -- http://www.adamantix.org/

Nice joke.

*plonk*

-- 
Florent

Reply to:

Follow-Ups:
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Peter Busser <peter@adamantix.org>

References:
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Peter Busser <peter@adamantix.org>
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Russell Coker <russell@coker.com.au>
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Peter Busser <peter@adamantix.org>
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Russell Coker <russell@coker.com.au>
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Peter Busser <peter@adamantix.org>

Prev by Date: Re: GIMP 1.3, plugins and i18n
Next by Date: Re: more details on the recent compromise of debian.org machines
Previous by thread: Re: exec-shield (maybe ITP kernel-patch-exec-shield)
Next by thread: Re: exec-shield (maybe ITP kernel-patch-exec-shield)
Index(es):
- Date
- Thread