[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Updating scanners and filters in Debian stable (3.1)



On 06 Oct 2004 12:33:42 -0700, Thomas Bushnell BSG <tb@becket.net> said: 

> Stephen Gran <sgran@debian.org> writes:
>> I thought that 'issues related to the development of debian' was on
>> topic for this list.  It is not at all clear to me that this is a
>> security issue, because outdated A/V software usually does not
>> place the server it runs on at risk for compromise.

> We have been told that:

> 1) Outdated A/V software must be upgraded, because the upgrading is
>    critical to the security of the machine that relies on it.

	Really? Not updating cirus information makes my machine
 vulnerable all by itself? I dispute that.

	I may agree that the virus detection software on this machine
 may be less useful, but that is a far cry from a security
 vulnerability. 

> 2) If it is not upgraded, then it is better not to have it at all.

	I contest this as well. At least for a period the software is
 efficacious, and even if it gradually degrades in utility over time,
 an all-or-nothing approach is still sub-optimal.


> I think (1) is true, and I am not sure about (2), but I do
> understand why people are arguing for it.  If they are correct, then
> it seems to me that the security archive is already an excellent
> place for the updates.

	Well, while this may well be analogous, it is far from being
 the same thing, and I don't think the security team should be saddled
 with yet another task.

	If the individual members of the security team want to help
 with the task of keeping virus scanning packages effective, they can,
 as always, do what they wish. But calling it a security team issue
 since it has things in common with the  what the team does not make
 it correct.

	manoj
-- 
If the girl you love moves in with another guy once, it's more than
enough. Twice, it's much too much.  Three times, it's the story of your life.
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C



Reply to: