Re: Does Debian need to enforce a better Security policy for packages?

To: debian-security@lists.debian.org
Subject: Re: Does Debian need to enforce a better Security policy for packages?
From: "Paul Haesler" <paul@phaesler.org>
Date: Wed, 24 Oct 2001 20:52:44 +1000
Message-id: <E15wLeR-0000y2-00@marge.haeslernet>
In-reply-to: <20011024101959.C21785@salem.getuid.de>
References: <20011023222802.A1984@netrinsics.com>

> > The alternative is the "ostrich" method of security management.
>
> What's that kind of method? I never heared about that name.

It was once a widespread belief that the ostrich's method of "hiding"
from predators was to bury it's head in the sand. This is obviously
untrue, but the concept has worked its way into the english 
language.  It's an idiom for dealing with problems by pretending 
they aren't there. 

I don't feel the metaphor was particularly valid in this case however.

If you want an audited O/S, use OpenBSD, but be prepared for
a very small distribution by Debian standards.

And even OpenBSD don't audit every single line of code in every 
package - they audit "every critical software component".  That
word "critical" wouldn't be there if it didn't mean something.

--
Paul Haesler                    paul@phaesler.org
                                ICQ: 124547085

Reply to:

References:
- Re: Does Debian need to enforce a better Security policy for packages?
  - From: Michael Robinson <robinson@netrinsics.com>
- Re: Does Debian need to enforce a better Security policy for packages?
  - From: Christian Kurz <shorty@debian.org>

Prev by Date: Re: Does Debian need to enforce a better Security policy for packages?
Next by Date: qmail ERR- authorization
Previous by thread: Re: Does Debian need to enforce a better Security policy for packages?
Next by thread: Re: Does Debian need to enforce a better Security policy for packages?
Index(es):
- Date
- Thread