Re: How secure is an installation with with no non-free packages?

To: Jordon Bedwell <jordon@envygeeks.com>
Cc: adrelanos <adrelanos@riseup.net>, debian-security@lists.debian.org
Subject: Re: How secure is an installation with with no non-free packages?
From: Pedro Worcel <pedro@worcel.com>
Date: Fri, 13 Sep 2013 14:29:58 +1200
Message-id: <[🔎] CAPS+U9-VGu1CZ1zRB6pjKiOThAM8LXtXKhgFqiY-ioqcPf8Peg@mail.gmail.com>
In-reply-to: <[🔎] CAM5XQnzeQg4-8qcYXryBWjaNqrUmPEVSXtLgES3mrHXJwT54Jg@mail.gmail.com>
References: <[🔎] 523234F5.1090002@riseup.net> <[🔎] 52325160.1000606@riseup.net> <[🔎] 5232614A.7050708@debian.org> <[🔎] 52326419.2070605@riseup.net> <[🔎] CAAr43iMfQByPp=+O+2B0Y1JLA7Ynwu7EkvcxLygPud_3FP=CFA@mail.gmail.com> <[🔎] 52327254.7030603@riseup.net> <[🔎] CAM5XQnzeQg4-8qcYXryBWjaNqrUmPEVSXtLgES3mrHXJwT54Jg@mail.gmail.com>

> Who said they improve security? We don't know what they are. And I doubt

> they will patch a backdoor at this moment, specially when you don't know

> what the hell they have in your hardware. So my guess is that it's more

> likely their microcode is inserting a backdoor instead of patching it

Are there some sort of release notes for these patches?

2013/9/13 Jordon Bedwell <jordon@envygeeks.com>

On Thu, Sep 12, 2013 at 9:03 PM, adrelanos <adrelanos@riseup.net> wrote:
> Microcode. (I guess if the vulnerability can not be fixed with some kind
> of firmware upgrade and is used in the wild, that would be a reason to
> get it replaced for free or being required to buy a new one.)

I'm not a lawyer but even I know a vendor like Intel or AMD cannot
"require" you to buy a new processor as long as it's under warranty,
and security/performance issues do count as a warranty issue... they
do microcode updates now to avoid having to recall because of that
type of situation not to mention the numerous other benefits such as
fast shipping and other stuff.

--
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: [🔎] CAM5XQnzeQg4-8qcYXryBWjaNqrUmPEVSXtLgES3mrHXJwT54Jg@mail.gmail.com" target="_blank">http://lists.debian.org/[🔎] CAM5XQnzeQg4-8qcYXryBWjaNqrUmPEVSXtLgES3mrHXJwT54Jg@mail.gmail.com

--

GPG: http://is.gd/droope

Reply to:

Follow-Ups:
- Re: How secure is an installation with with no non-free packages?
  - From: Jordon Bedwell <jordon@envygeeks.com>

References:
- How secure is an installation with with no non-free packages?
  - From: adrelanos <adrelanos@riseup.net>
- Re: How secure is an installation with with no non-free packages?
  - From: adrelanos <adrelanos@riseup.net>
- Re: How secure is an installation with with no non-free packages?
  - From: Jose Luis Rivas <ghostbar@debian.org>
- Re: How secure is an installation with with no non-free packages?
  - From: adrelanos <adrelanos@riseup.net>
- Re: How secure is an installation with with no non-free packages?
  - From: Joel Rees <joel.rees@gmail.com>
- Re: How secure is an installation with with no non-free packages?
  - From: adrelanos <adrelanos@riseup.net>
- Re: How secure is an installation with with no non-free packages?
  - From: Jordon Bedwell <jordon@envygeeks.com>

Prev by Date: Re: How secure is an installation with with no non-free packages?
Next by Date: Re: How secure is an installation with with no non-free packages?
Previous by thread: Re: How secure is an installation with with no non-free packages?
Next by thread: Re: How secure is an installation with with no non-free packages?
Index(es):
- Date
- Thread