Re: Updating scanners and filters in Debian stable (3.1)
Stephen Gran <firstname.lastname@example.org> writes:
> I thought that 'issues related to the development of debian' was on topic
> for this list. It is not at all clear to me that this is a security
> issue, because outdated A/V software usually does not place the server
> it runs on at risk for compromise.
We have been told that:
1) Outdated A/V software must be upgraded, because the upgrading is
critical to the security of the machine that relies on it.
2) If it is not upgraded, then it is better not to have it at all.
Both of those seem to be true to me of, say:
A) Outdated ssh binaries must be ugraded, because the upgrading is
critical to the security of the machine that relies on them.
B) If they are not upgraded, then it is better not to have them at
Now in the case of ssh, we have set up a special security archive to
deal with the case.
I think (1) is true, and I think both (A) and (B) are true. I am not
sure about (2), but I do understand why people are arguing for it. If
they are correct, then it seems to me that the security archive is
already an excellent place for the updates.