Re: Food for thought - SECURITY (design flaw?)

To: debian-security@lists.debian.org, debian-devel@lists.debian.org
Subject: Re: Food for thought - SECURITY (design flaw?)
From: Andrea Glorioso <sama@aglorioso.com>
Date: 11 Feb 2001 11:07:08 +0100
Message-id: <87lmrd8reb.fsf@prometeo.aglorioso.com>
In-reply-to: <20010211030436.A3627@overdue.dhis.net> (Lazarus Long's message of "Sun, 11 Feb 2001 03:04:36 +0000")
References: <20010211030436.A3627@overdue.dhis.net>

>>>>> "Laz" == Lazarus Long <lazarus@overdue.dhis.net> writes:

    Laz> Something seems "not quite right" with choosing
    Laz> woody/testing, as "safer" than sid.

I was under the impression that woody was safer than sid from a
"apt-get upgrade won't crash my system" point of view rather than from
a security perspective.  If you want security, stick with potato.
Bleeding-edge software (or near bleeding-edge software) rarely can
give you the kind of security assurance that you need if you put a
security.debian.org line in your /etc/apt/sources.list.

OTOH, there is some software in potato which is quite old (such as
OpenSSH, as the recent bug showed).  But the security team did a
wonderful job in backporting the spatch.

Bye,

Andrea Glorioso
-- 
Non e' abbastanza fare dei passi che un giorno ci porteranno ad uno
scopo, ogni passo deve essere lui stesso uno scopo, nello stesso
tempo in cui ci porta avanti.

Attachment: pgpTmnV5z49hL.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Food for thought - SECURITY (design flaw?)
  - From: Carlos Carvalho <carlos@fisica.ufpr.br>

References:
- Food for thought - SECURITY (design flaw?)
  - From: Lazarus Long <lazarus@overdue.dhis.net>

Prev by Date: Food for thought - SECURITY (design flaw?)
Next by Date: Re: Strange firewall logs
Previous by thread: Food for thought - SECURITY (design flaw?)
Next by thread: Re: Food for thought - SECURITY (design flaw?)
Index(es):
- Date
- Thread