Re: DSA 438 - bad server time, bad kernel version or information delayed?

To: debian-security@lists.debian.org
Subject: Re: DSA 438 - bad server time, bad kernel version or information delayed?
From: Jan Lühr <jluehr@gmx.net>
Date: Wed, 18 Feb 2004 19:54:45 +0100
Message-id: <[🔎] 200402181954.53985.jluehr@gmx.net>
In-reply-to: <[🔎] 20040218180625.GA31401@steve.org.uk>
References: <m1AtTe6-000pqXC@finlandia.Infodrom.North.DE> <[🔎] 20040218165906.GB14615@virus.home> <[🔎] 20040218180625.GA31401@steve.org.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings,

Am Mittwoch, 18. Februar 2004 19:06 schrieb Steve Kemp:
> On Wed, Feb 18, 2004 at 11:59:06PM +0700, Jean Christophe ANDR? wrote:
> > Does any body could tell me why the /boot/vmlinuz-2.4.18-1-686
> > from kernel-image-2.4.18-1-686 version 2.4.18-12.2 is dated
> > Feb  1 19:53 instead of today???
>
>   The obvious reason is that the kernel was built then, but the DSA
>  wasn't released until now.
>
>   (Maybe for coordination with other vendors, maybe to wait for all
>  the other kernels to be built so there could be a release of them
>  all at the same time).

Does this mean, that a well known exploit was kept back for nearly three 
weeks, just because some odd vendors were unable to build there kernels in 
time?

After the last OpenSSH exploit, I thought that this kind of intransparency is 
limited to OpenBSD, but to what f*** h*** is OpenSource software driving to?
Tranparency is the most important aspect of secure OpenSource Software. 
(Anyway, imho it's the one and only argument for OpenSource software beeing 
morre secure then other.)
What's going on here?

Keep smiling
yanosz

P.S. Please forgive the 4-letter words, but I'm quit excited - I beg your 
pardon.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iQIVAwUBQDO0/NAHMQ8GQaYRAQKXNQ//Y/tIRHPHAwYRJomB1B8hyO4cpVQymizn
0VHSMZzD7CfMwo5MF8hR0K9DlQvnLvUSYxC68Ke/BtIhG+Qic7GbLefuv1pCxnrh
p98QsjK//u/M5yw1mRVEiC6zwmCd5yLjqAOt19VBfAHKDiX5ODP4lG3CwPjG8OMR
6kTm593nw26KjJLMFCwkIYrb4Cu+DnMJ88fzKS9DYx1QH4HKkWjZs0uw8KLHo6qh
v5osKWZZm5HJeucp5mCUtsuCEEWr8r3F2M6dlW6KOnxG39hnRhv95hjMaSbgzfJJ
yv/Z+bRLLuCaP9eTLQNZcm/oncvU0riCBn4Sm0+XkxooFvdZB7d63p3itwhLJyjl
A+p5NIflml041QlpS9FZyGetc7djecDQp+nJzUrb2WTQU+XBSV8eWrAvVOeuIwgO
lbG7pVC/J7m+ksQE2ouq7zDqUgL5z4LxLNbu0ARqbzvxnfm8d7Qo+7JGWrkwPEtn
QprqOuDadrN3WoI4TzPyKIJ0rAQRQAWojorwh3srF3AuSxtt41LV5cS08BunNLOH
NYqlu+T49ghoIdM00tnTB9vd9LkIPaFFi0/swFO8NdlYt1hew0SNjVAlBUcgtp7z
vu41qNFtacn1YMgrnJGV3UCr30U4KjbMzlTWPRTOZXKoLEwk0R3TLwWT+Y5jjd43
wXKAXm+uqxw=
=zZqZ
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: DSA 438 - bad server time, bad kernel version or information delayed?
  - From: Sven Hoexter <sven@timegate.de>
- Re: DSA 438 - bad server time, bad kernel version or information delayed?
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- DSA 438 - bad server time, bad kernel version or information delayed?
  - From: Jean Christophe ANDRÉ <jean-christophe.andre@auf.org>
- Re: DSA 438 - bad server time, bad kernel version or information delayed?
  - From: Steve Kemp <skx@debian.org>

Prev by Date: Re: DSA 438 - bad server time, bad kernel version or information delayed?
Next by Date: Re: Help! File permissions keep changing...
Previous by thread: Re: DSA 438 - bad server time, bad kernel version or information delayed?
Next by thread: Re: DSA 438 - bad server time, bad kernel version or information delayed?
Index(es):
- Date
- Thread