On Tue, Dec 02, 2003 at 05:19:22PM -0800, Tom wrote: > On Wed, Dec 03, 2003 at 10:54:24AM +1000, Andrew Pollock wrote: > > On Wed, Dec 03, 2003 at 11:17:19AM +1100, Russell Coker wrote: > > > > > The only way to have avoided this kernel vulnerability from day-0 of > > discovery/fix release would have been to be constantly upgrading to > > pre-release kernels. > > > > I'm starting to sound like I'm trolling for closed-source development models > > or something, which is not the case, > > Smartcards would have avoided the Debian compromise: merely having a > compromised DD box would have prevented bad guy from getting on the box. Perhaps. But smartcards have a significant problem in a project such as Debian: Are you going to pay for all those smartcards plus their readers? Including any smartcards for possible future DD's? If not, I suggest we forget about this, as it won't be feasible. -- Wouter Verhelst Debian GNU/Linux -- http://www.debian.org Nederlandstalige Linux-documentatie -- http://nl.linux.org "Stop breathing down my neck." "My breathing is merely a simulation." "So is my neck, stop it anyway!" -- Voyager's EMH versus the Prometheus' EMH, stardate 51462.
Description: Digital signature