
Re: Does Debian need to enforce a better Security policy for packages?

> > The alternative is the "ostrich" method of security management.
> What's that kind of method? I never heard about that name.

It was once a widespread belief that the ostrich's method of "hiding"
from predators was to bury its head in the sand. This is obviously
untrue, but the concept has worked its way into the English
language.  It's an idiom for dealing with problems by pretending
they aren't there.

I don't feel the metaphor was particularly valid in this case however.

If you want an audited O/S, use OpenBSD, but be prepared for
a very small distribution by Debian standards.

And even OpenBSD don't audit every single line of code in every 
package - they audit "every critical software component".  That
word "critical" wouldn't be there if it didn't mean something.

Paul Haesler                    paul@phaesler.org
                                ICQ: 124547085
