
Re: should debian comment about the recent 'ransomware' malware.



I agree with your conclusion that we shouldn't make a public statement
trying to capitalise on this, but:

Russ Allbery writes ("Re: should debian comment about the recent 'ransomware' malware."):
> This is not a case where Microsoft did something clearly wrong, or even
> differently than we would have done, or where free software would have
> helped significantly.

I can't let this slide.

If these systems were running Debian, big organisations like the
British government could hire people to provide security support for
their users, even for versions which we no longer support.  When the
obsolete operating system is Windows, they can only hire Microsoft,
who can set the price at whatever they think the market will bear.

As it happens this particular vulnerability was indeed fixed by
Microsoft, and that the UK NHS suffered so much is because of
government and management failures[1].  But in general, users who for
any reason are stuck on very old systems are in a much better position
if those systems are free software.

Also, Debian's engineering approaches mean it's easier to support
obsolete environments, eg via chroots and/or mixed systems and/or
selective backporting.

Ian.

[1] The NHS has been seriously underfunded and can't afford to hire
enough good IT people (or indeed enough medics); and there has been a
drive to replace IT systems with massive centralised IT disaster
projects, which has starved existing systems of attention and
resources.

