
Re: [OT] Release cycle - was Re: My machine was hacked - possibly via sshd?




On Wed, 30 Mar 2005, Malcolm Ferguson wrote:

> David Pastern wrote:

...
 
> >The only way to fix a problem is for everyone to discuss it, and that
> >means the users and not just the developers.
> >
> 
> I completely agree that this needs to be discussed, but is a Debian 
> security list the right forum?

discussed is good ... as long as the points are valid and true

if it's an opinion, that is okay too but should NOT be imposed on others

- for the security issue of sshd ..
	- it sounds like it was a "computer and network security policy"
	issue more than a specific sshd problem

- security is NOT just the availability of the latest or stable apps

long release cycles are good for some
daily release cycles are good for others

"testing" is available for everybody ( daily ) .. users and developers ...
	so there is no reason why everybody cannot be running the latest
	and greatest

	the only distinction between users and developers, is that
	maybe a user cannot check in changes and updates
	otherwise, all users have access to everything

- if you want daily updates .. 
	you probably do have the time to test things daily

- if there was a known ssh exploit or apache or any other problem, even
  old stable versions are patched when it's critical enough

- if *you* think that this app needs to be updated in the other versions,
  *you* can update it yourself at anytime to prevent that vulnerability
  from being exploited, but if the "team" didn't think it was important
  enough, does not mean that they should do so, or that the distro is bad

	- personally, i always upgrade to the latest greatest of 
	just about everything i consider important .. as there is not
	a single distro that has the "latest" of what i want

> It's clear that Debian is used for different purposes and one size might 
> not fit all.

yup

>  Personally I like long release cycles.  I can't stand 
> constantly tinkering with my systems. 

tinkering is good for development and testing and those that like to
tinker

tinkering is bad for production boxes

i mix and match as needed, and depending on whose box it is,
the oldest servers are over 4yrs old and the newest servers
are at most a day old

c ya
alvin


