Re: trojan horse on testing?

To: Debian Security List <debian-security@lists.debian.org>
Subject: Re: trojan horse on testing?
From: Noah Meyerhans <noahm@debian.org>
Date: Fri, 9 May 2003 14:38:22 -0400
Message-id: <20030509183822.GI23935@unblinking-eye.lcs.mit.edu>
Mail-followup-to: Noah Meyerhans <noahm@debian.org>, Debian Security List <debian-security@lists.debian.org>
In-reply-to: <Pine.LNX.4.44.0305092032280.3483-100000@petertosh>
References: <20030509180620.GA1811@twerner42.de> <Pine.LNX.4.44.0305092032280.3483-100000@petertosh>

On Fri, May 09, 2003 at 08:34:16PM +0200, tomas pospisek wrote:
> 
> Packages that have security relevant bugs in testing could be kicked
> ___immediately___ out of testing. What do people think?

That wouldn't help anything.  People would have already installed the
vulnerable package.  apt-get wouldn't remove it from their systems just
'cause it's no longer available in the archive.

The only people that would be helped by this are people who upgrade from
a safe version the package (thus, a security patched stable system, most
likely) after the vulnerability has been discovered.  That's likely to
be a very very rare case.

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html

Attachment: pgput7bSoTehs.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: trojan horse on testing?
  - From: "Jaan Sarv" <jaan@sarv.ee>

Prev by Date: Re: chattr +a in /var/log files
Next by Date: Re: trojan horse on testing?
Previous by thread: Re: ptrace fix in 2.4
Next by thread: Re: trojan horse on testing?
Index(es):
- Date
- Thread