[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: My machine was hacked - possibly via sshd?

On Tue, 2005-03-29 at 15:25 -0500, Noah Meyerhans wrote:

> On Tue, Mar 29, 2005 at 01:38:55PM +0100, Simon Heywood wrote:
> > > Sorry, but this isn't correct.  kernel 2.4.18-1 in woody is patched
> > > against known vulnerability.
> > 
> > The security team have quietly stopped updating it, preferring to
> > concentrate on the Sarge kernels.
> 
> The security team does not currently support the sarge kernels in any
> way.  They are still in the hands of the Debian kernel package
> maintainers.  It would be utterly rediculous to drop support for
> anything in the offical Debian release in favor of an unreleased
> development version.

And this, in reality, is why Woody is so old.  I cannot imagine any
other distro providing such an old kernel.  If Debian keeps this
attitude up of 'we like it stable, old is fine, stfu' then you're going
to keep losing a lot of people/users.  Open your eyes and see what's
happening, there's a reason why flavours like Ubuntu, Mepis et al are so
goddamn popular, and there's a reason why i'd hesitate to say that the
numbers of Debian users are dropping.  You many not notice it because
your servers get hit more often (due to other distros using the apt-get
repositories).  

I'm sure there's some of you even running 'potato' out there, quite
happily.  I'll make an example, Slackware has a very solid reputation
for reliability and stability, yet it manages to have much more frequent
release dates, and much newer versions of packages.  And there's only
(from memory) 3 people working on it.  The Libranet development team
have just written a GUI installer from scratch, in less than six months,
between 2 people.  Sure, it doesn't support all the arches that Debian
proper does, but that's overkill imho.  Debian has no excuses.  Its
stable release is just plain old.  If Debian was a 'paying' distro, it'd
have no, or very few customers.  Think about that.  There's a difference
between a workable level of bugs in a release, and a pedantic approach
of every bug must be squashed before releasing.  That's the approach
that i'm seeing Debian employing.  

I don't particularly want to see Debian die out, or become irrelevant
because others are doing a better job.  

Dave

-- 
I heard that the Aussie prime minister Jonny 'boy' Howard was so far up
George W.Bush's ass that he could see the feet of Tony Blair ...
Reply to: