
Re: full disclosure, or not?



martin f krafft wrote:

That's a thing of your webhoster. But if I knew of e.g. a root
exploit in the HTTP part of a mission-critical server containing
secret data, I want to turn it off, or take additional security
precautions, like a firewall layer etc.

I don't mean to sound like an ass, but if you have a mission-critical server or any server with secret data on it, shouldn't a firewall already be in place for it? I mean, it is naive to expect all software to not have security issues sometimes. Plus, there is a good chance that someone who wishes to get the information off of your server could have learned about the exploit before it was reported to or by the Debian security team. I think pretty much that the Debian security team exists more for making applications secure, not for keeping your system secure, if that makes sense. Pretty much the security team is doing a different job than you expect them to.

   I dunno,
   Tucker


