Re: DSA 438 - bad server time, bad kernel version or information delayed?
Le jeudi 19 février 2004 à 09h24 (+0100), Jan Lühr écrivait :
> What about establishing some kind of warning service? E.g. sshd has a well
> known serious leak, you should shut it down for the next few days.
Warning: the Linux kernel has a well known serious leak,
you should shut all your servers down for the next few weeks.
Sorry, I couln't resist! ;-)))
This is not an easy decision: the alert may alert bad guys too...
"Oh! There is some kind vulnerability nobody knows and has
corrected in SSH! Let's look for it and use it quick before
anybody has been able to patch it!"
But this was not the main point of my first mail: I only ask for
putting some information about the delay in the announcement.
It will just be usefull (and alertless) for these people (like me)
checking for the kernel compile time against the announcement date.
Regards,
--
J.C. "プログフ" ANDRÉ <jean-christophe.andre@auf.org> http://www.vn.refer.org/
Coordonnateur technique régional / Associé technologie projet Reflets (CODA)
Agence universitaire de la Francophonie (AuF) / Bureau Asie-Pacifique (BAP)
Adresse postale : AUF, 21 Lê Thánh Tông, T.T. Hoàn Kiếm, Hà Nội, Việt Nam
Tél. : +84 4 9331108 Fax : +84 4 8247383 Mobile : +84 91 3248747
⎧ Note personnelle : merci d'éviter de m'envoyer des fichiers PowerPoint ⎫
⎩ ou Word ; voir http://www.fsf.org/philosophy/no-word-attachments.fr.html ⎭
Reply to: