Re: [d-security] Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities

To: debian-security@lists.debian.org
Subject: Re: [d-security] Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities
From: "Bernhard R. Link" <brl@pcpool00.mathematik.uni-freiburg.de>
Date: Wed, 28 Jul 2004 10:02:48 +0200
Message-id: <[🔎] 20040728080248.GA26244@pcpool00.mathematik.uni-freiburg.de>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] Pine.LNX.4.58.0407271225000.26002@illuminati.stderr.org>
References: <20040723032933.GZ4126@alcor.net> <[🔎] 410635F6.8080108@rhesa.com> <[🔎] 20040727114219.GF13168@westend.com> <[🔎] 41067CA1.9050505@rhesa.com> <[🔎] Pine.LNX.4.58.0407271225000.26002@illuminati.stderr.org>

* elijah wright <elw@stderr.org> [040727 19:40]:
> and it probably would have been fine, if you'd been running a stock
> config.

If things only have to be fine when using a stock config, why not
abolish all those limiting rules about /etc and just disallow the
use to cope with it directly and keep it under total control of
the packaging system and some configuration managment like some
YaST ported to Debian? </SARKASM>

> with great power comes great responsibility (for your customized servers
> :) )
> 
> in general i don't like the thought of funky hacks being added to packages
> just to avoid stomping all over someone else's custom setup.

Hallo? This is Debian. Changing a configuration file is proper and
intended use of the system. Making such things break is the worst thing
after remote root exploits and deleting arbitrary data in my eyes. And
I think in many other people's eyes, who choose Debian.

Hochachtungsvoll,
	Bernhard R. Link

Reply to:

Follow-Ups:
- Re: [d-security] Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities
  - From: elijah wright <elw@stderr.org>

References:
- Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities
  - From: Rhesa Rozendaal <rhesa@rhesa.com>
- Re: [d-security] Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities
  - From: Christian Hammers <ch@lathspell.de>
- Re: [d-security] Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities
  - From: Rhesa Rozendaal <rhesa@rhesa.com>
- Re: [d-security] Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities
  - From: elijah wright <elw@stderr.org>

Prev by Date: Re: PaX on Debian (Kernel Settings)
Next by Date: Re: init scripts and su
Previous by thread: Re: [d-security] Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities
Next by thread: Re: [d-security] Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities
Index(es):
- Date
- Thread