Re: Does Debian need to enforce a better Security policy for packages?
> > The alternative is the "ostrich" method of security management.
> What's that kind of method? I never heard about that name.
It was once a widespread belief that the ostrich's method of "hiding"
from predators was to bury its head in the sand. This is obviously
untrue, but the concept has worked its way into the English
language. It's an idiom for dealing with problems by pretending
they aren't there.
I don't feel the metaphor was particularly valid in this case, however.
If you want an audited O/S, use OpenBSD, but be prepared for
a very small distribution by Debian standards.
And even OpenBSD don't audit every single line of code in every
package - they audit "every critical software component". That
word "critical" wouldn't be there if it didn't mean something.
Paul Haesler firstname.lastname@example.org