Re: Will 2.4.20 Source be patched for the latest kernel vulnerability?
On Wed, Dec 03, 2003 at 06:46:51AM -0800, Karsten M. Self wrote:
> on Wed, Dec 03, 2003 at 01:31:29PM +0000, Dale Amon (firstname.lastname@example.org) wrote:
> > On Wed, Dec 03, 2003 at 03:21:57PM +0200, Riku Valli wrote:
> > > This is reason why I ask what about stock kernels, because I believe I am not
> > > lonely cowboy at the middle of nowhere. Debian is distribution and
> > Probably not... it is just that amongst a security conscious
> > group you are likely to find that most will build their own
> > kernels and add their own security patches. Paranoia is your friend
> > in security.
> Having a team that shares experience and combines talents in patching a
> kernel and tuning it to secure configurations is a preferable approach.
I tend to disagree. The kernel is a versatile program, it can be
patched, configured and compiled in too many ways. As far as I
know, Debian is not intended to best fit the needs of a
security architecture, but to provide a usable environment to
the mass of slightly advanced skills. The requirements often
conflict, and while the developers do their best to fulfill
as many as possible of them (for instance, by creating
alternative kernel packages), in certain situations they might
choose to prefer something else over security.
To sum up, it's always great to have a chance to learn from
the more experienced, but I don't expect them to do my homework.
They are not supposed to.
> While you _might_ do well on your own, the typical admin doesn't have
> these skills.
As times go I'm more and more convinced you're right.
Conversely... we're on debian-security, after all.
PS: Apologies for the ranting I sent at the beginning of the
other thread. I, too, didn't realize that no-one had known
about the possible impacts of the kernel bug.
Am I a cleric? | 1024D/37B8D989
Or maybe a sinner? | 954B 998A E5F5 BA2A 3622
Unbeliever? | 82DD 54C2 843D 37B8 D989
Renegade? | http://www.keyserver.net