Re: DSA 438 - bad server time, bad kernel version or information delayed?

[Florian Weimer <fw@deneb.enyo.de>]

Jan Lühr wrote:

> > You don't.  Tough luck, of course, but that's the price for running
> > affordable, off-the-shelf software (free or proprietary).
> 
> well, this might be a reason for using computers in situations we use 'em 
> today.

Probably yes.  If the costs for software production were one or two
magnitudes higher because only error rates in the range of one error per
10 KSLOCS were tolerated by the market, it's unlikely that anybody would
use free software for its technical merits. 8-)

> I'm just feeling like a helpless person, threadening by a serious
> disease, who is going to be informened about it, when a cure exists.
> Trust me, that doesn't feel right.

Your analogy is quite instructive.  At least in Germany, you don't
lightheartedly test people Huntington's disease.  Chorea Huntington can
be reliably predicted using genetic tests -- but you better make sure
that someone can deal with the knowledge that he or she will inevitably
fall victim to the disease in a few years.

Large institutions tend to react quite irrational if they are confronted
with possibly far-reaching defects.  It doesn't matter if a fix is
available, it's often very expensive to deploy.  The security
announcement alone can cause significant costs and service disruption.