Re: Updating scanners and filters in Debian stable (3.1)
On 06 Oct 2004 12:33:42 -0700, Thomas Bushnell BSG <firstname.lastname@example.org> said:
> Stephen Gran <email@example.com> writes:
>> I thought that 'issues related to the development of debian' was on
>> topic for this list. It is not at all clear to me that this is a
>> security issue, because outdated A/V software usually does not
>> place the server it runs on at risk for compromise.
> We have been told that:
> 1) Outdated A/V software must be upgraded, because the upgrading is
> critical to the security of the machine that relies on it.
Really? Not updating virus information makes my machine
vulnerable all by itself? I dispute that.
I may agree that the virus detection software on this machine
may be less useful, but that is a far cry from a security
> 2) If it is not upgraded, then it is better not to have it at all.
I contest this as well. At least for a period the software is
efficacious, and even if it gradually degrades in utility over time,
an all-or-nothing approach is still sub-optimal.
> I think (1) is true, and I am not sure about (2), but I do
> understand why people are arguing for it. If they are correct, then
> it seems to me that the security archive is already an excellent
> place for the updates.
Well, while this may well be analogous, it is far from being
the same thing, and I don't think the security team should be saddled
with yet another task.
If the individual members of the security team want to help
with the task of keeping virus scanning packages effective, they can,
as always, do what they wish. But calling it a security team issue
since it has things in common with what the team does not make

If the girl you love moves in with another guy once, it's more than
enough. Twice, it's much too much. Three times, it's the story of your life.
Manoj Srivastava <firstname.lastname@example.org> <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C